W.H. Smith is the latest UK-based business to suffer a cyber attack, following the Royal Mail ransomware attack and data breach at JD Sports.
WH Smith has confirmed that it was targeted in a cyberattack resulting in the theft of employee data. Following the detection of the attack, WH Smith initiated an investigation in partnership with cybersecurity experts and implemented incident response strategies, including notifying relevant authorities.
What Data Was Stolen in WH Smith Hack
The hackers managed to access the retailer’s current and former employees’ information, including names, dates of birth, addresses, and national insurance numbers.
The stationary and book giant stated that currently there is no evidence that banking details were accessed during the attack. WH Smith also revealed that the hacking didn’t affect its trading activities, and its website, customer databases, and customer accounts were also unaffected because they were on separate systems.
However, Risk Crew’s CEO, Richard Hollis, says that even though financial data wasn’t compromised in the attack, it doesn’t make the incident any less concerning because of the involvement of the personal information of its employees.
In a comment to Hackread.com, Jasson Casey, CTO at Beyond Identity said, “This attack on WHSmith serves as yet another reminder that adversaries continue to ramp up their attacks.”
“Studies like the Verizon Data Breach Investigation Report confirm that threat actors are often taking advantage of outdated security measures that make it cheap and easy to pull off a successful attack,” Jasson added.
The CTO warned that “the unfortunate attack on WHSmith won’t be the last and should be the wake-up call that organisations need to fix outdated controls”
WH Smith’s Statement
In a media statement, WH Smith emphasized that it takes cybersecurity seriously and is currently notifying all affected employees and providing support to them.
WH Smith takes the issue of cyber security extremely seriously and investigations into the incident are ongoing. We are notifying all affected colleagues and have put measures in place to support them.
Meanwhile, experts are recommending that businesses in the retail sector implement data-centred protective measures to secure sensitive data like financial, transactional, and PII data.
The cyberattack on WH Smith is one of several recent attacks on UK-based businesses, with Royal Mail’s international postal services being offline for an extended period after a ransomware attack on the company.