Amended version of their statement...
"Sports Direct filed an incident report with the Information Commissioner's Office because they wanted to cover their butts after it became aware that its workforce's information had been compromised, but as there was no evidence well, at least the intruder didn't give us any that the hacker had made further copies of the data the snatched or shared the data they probably sold it, but didn't share it, the company did not report the breach to its staff."
The usual BS. "Somebody stole that data, and we pretty much know they're using it to f**k the affected people, but we don't have actual evidence of them using it. So no need for action."