Powered by MOMENTUM MEDIA
cyber daily logo
Breaking news and updates daily. Subscribe to our Newsletter

Employee data compromised in WH Smith cyber attack

British retailer WH Smith was targeted in a serious cyber attack that has seen company data compromised.

user icon Daniel Croft
Fri, 03 Mar 2023
Employee data compromised in WH Smith cyber attack
expand image

The retailer said that the information of employees — current and former — was accessed by the attackers, but it has confirmed that no customer information was accessed and that trading activities have remained normal.

The company employs roughly 10,000 people in the UK alone.

WH Smith has said that it has launched an immediate investigation into the attack.

“WH Smith PLC has been the target of a cyber security incident which has resulted in illegal access to some company data, including current and former employee data,” it said.

“Upon becoming aware of the incident, we immediately launched an investigation, engaged specialist support services and implemented our incident response plans, which included notifying the relevant authorities.

“WH Smith takes the issue of cyber security extremely seriously, and investigations into the incident are ongoing.

“We are notifying all affected colleagues and have put measures in place to support them.”

WH Smith, while largely based in the UK, has 600 stores worldwide in airports, train stations and shopping centres. It specialises in book sales and convenience.

In the under three-month period of 2023, the UK has already seen a number of serious ransomware attacks, including JD Sports, which announced on 30 January it was attacked, and Yum! Brands on 19 January, which saw 300 KFC, Pizza Hut, Taco Bell, and The Habit Burger Grill establishments in the UK closed.

The attack on WH Smith is the second attack reported on a bookstore chain in the same number of days, with news of a ransomware attack on Canadian bookstore chain Indigo surfacing yesterday (2 March).

Indigo maintains that no customer data has been leaked, stolen or accessed by bad actors but has said that, like with WH Smith, employee data was compromised.

“There is no reason to believe customer data has been improperly accessed, but we now know that some employee data was,” the company said on its FAQ page.

Indigo’s investigations revealed that the criminals used the popular LockBit ransomware in the attack.

“Although we do not know the identity of the criminals, some criminal groups using LockBit are located in or affiliated with Russian organised crime,” continued Indigo.

“We are continuing to work closely with the Canadian police services and the FBI in the United States in response to the attack.”

Daniel Croft

Daniel Croft

Born in the heart of Western Sydney, Daniel Croft is a passionate journalist with an understanding for and experience writing in the technology space. Having studied at Macquarie University, he joined Momentum Media in 2022, writing across a number of publications including Australian Aviation, Cyber Security Connect and Defence Connect. Outside of writing, Daniel has a keen interest in music, and spends his time playing in bands around Sydney.

newsletter
cyber daily subscribe
Be the first to hear the latest developments in the cyber industry.