
WH Smith hit by cyber attack, current and former staff data accessed

The company stated that it is notifying staff members who have been affected

WH Smith has revealed that it has been hit by a cyber attack which has impacted current and former staff members.

The retailer made the public notification via an alert issued to the London Stock Exchange on 2 March, advising investors of a cyber security incident.

It said the attack has resulted in illegal access to some company data, which includes data on current and former employees.

An investigation has been launched into the attack with support from third-party cyber security experts. Relevant authorities have been informed per the company's incident response plan.

“WH Smith takes the issue of cyber security extremely seriously and investigations into the incident are ongoing,” the company said in its statement. “We are notifying all affected colleagues and have put measures in place to support them.”

“There has been no impact on the trading activities of the group. Our website, customer accounts and underlying customer databases are on separate systems that are unaffected by this incident,” it said.

IT Pro contacted WH Smith for additional information but it declined to comment beyond its official statement.

“Although they acknowledge that employee data has been compromised, they are assuring customers that their details and financial information were stored separately and will not have been affected,” said Will Richmond-Coggan, a data breach litigation specialist at national law firm Freeths.

“Keeping categories of information separate and secure from one another is vital in ensuring that a compromise of one system cannot affect the remainder of the business. They also say that they have already been in touch with employees and offered them support.

“Prompt efforts to communicate with those affected, and the offer of measures targeted at any risk of harm, can make a significant difference to the risk of regulatory enforcement, or subsequent claims,” he added.

In April 2022, greeting cards business Funky Pigeon, a WH Smith subsidiary, was hit by a cyber attack.

It took its systems offline and was unable to fulfil any orders, and wrote to customers from the previous 12 months to inform them of the incident.

Analysis of WH Smith's cyber attack disclosure

The wording of organisations' data breach and cyber attack notifications is usually deliberately vague.

Some companies opt for total transparency whereas others, like Royal Mail International most recently, go for a strategically opaque approach.

WH Smith's disclosure falls somewhere in the middle and is about as vague as most cyber incident notifications in the UK.


Royal Mail called its ransomware attack a "cyber incident" from the outset, wording that remained long after it was reported to be ransomware.

Others, such as the recent attack on Minneapolis Public Schools, go further. In this case, the organisation referred to its attack as an "encryption event".

The fact that WH Smith's trading operations remain functional is a promising sign for its chances of recovery and could indicate that the attack was not ransomware in nature.

Ransomware attacks are usually carried out using a double extortion model and aim to disrupt the target as much as possible to encourage payment.

The hiring of outside cyber security experts is a common occurrence in cyber attack scenarios and the practice is often said to be a necessity when constructing an organisation's incident response playbook.

The relevant authorities cited are likely the Information Commissioner's Office (ICO) and could also include the National Cyber Security Centre (NCSC) and National Crime Agency (NCA), among others.

As is usually the case, more details about the incident are likely to trickle out over time.

This is a developing story.
