WHSmith suffers cyber security attack, employee data breached

WHSmith has confirmed a cyber security incident that has resulted in illegal access to current and former employee data.

The British retailer immediately launched an investigation, initiated an incident response plan, engaged specialist support services, and notified authorities.

In a statement, WHSmith said: “[We take] the issue of cyber security extremely seriously and investigations into the incident are ongoing. We are notifying all affected colleagues and have put measures in place to support them.”

The WHSmith website, customer accounts and underlying customer databases are not believed to be affected, as they are hosted on separate systems.

Despite ‘strong trading’ in January, shares were down by 1% to 1,571p on Thursday morning after the cyber security incident was confirmed.

Since the start of the year, multiple high-profile companies in the UK have been victim of cyber crime, including a LockBit ransomware attack on the Royal Mail and an attack on JD Sports that led to data of 10 million customers put at risk.

Guy Golan, CEO and co-founder of cyber security firm Performanta, said to Yahoo News: “Major brands such as WHSmith should assume they will be breached by cyber-attacks and have an appropriate plan in place to respond with. Previously, the common consensus was that if you invest in cybersecurity, you’re safe. But now it’s question of when an attack will occur, rather than if, and how ready household name brands are for that scenario.”

Image source: Dorsetdude

Hungry for more tech news?

Sign for your weekly tech briefings to be in with the chance to win a £50 gift card!