Cyber Incident Victim: Intersport

In 2020, Intersport, an international sporting goods retailer, experienced two distinct cyberattacks. The first incident, reported in June, involved a Magecart attack targeting Intersport’s e-commerce websites in Slovenia, Croatia, Serbia, Bosnia and Hercegovina, and Montenegro. Magecart attacks typically involve the injection of malicious code into online payment pages to steal customer payment data, though the article does not specify the exact data compromised in this case. Approximately six months later, on or around December 2, 2020, Intersport faced a second cyberattack attributed to the Conti ransomware group. Conti threat actors claimed to have exfiltrated data from Intersport’s systems and dumped more than two dozen files online as alleged proof of their access. The group’s involvement suggested a ransomware operation, which often combines data theft with encryption of victim systems to extort payments. DataBreaches.net contacted Intersport for comment on the December incident but received no response by the time of publication.

The Conti attack represented an escalation in tactics compared to the earlier Magecart incident, shifting from stealthy payment card skimming to a disruptive ransomware operation with public data leaks. While the article does not detail the specific types of data exfiltrated in the December attack, Conti’s history of targeting corporate networks implied potential exposure of internal business documents, employee information, or customer records. Intersport’s lack of public acknowledgment or response to the Conti incident, as noted in the article, left the full scope of operational disruption, financial impact, and remediation efforts unconfirmed. The two attacks collectively highlighted persistent vulnerabilities in Intersport’s digital infrastructure across multiple regional subsidiaries and underscored the evolving threats faced by retail organizations, from payment fraud to double-extortion ransomware campaigns.