UK retailer WH Smith suffered a data breach that revealed information belonging to current and former employees.
The company operates 1,700 sites across the UK and employs over 12,500 people, recording sales of $1.67 billion in 2022.
Customer data is safe
“WH Smith PLC has been the target of a cybersecurity incident which resulted in unlawful access to certain company data, including data of current and former employees,” the company statement read. cybersecurity notice filed with the London Stock Exchange.
“Upon learning of the incident, we immediately launched an investigation, engaged specialist support services and implemented our incident response plans, which included notification to the appropriate authorities” – WH Smith
The company says the attack did not impact its business operations. Customer data was not affected as this information is stored on separate systems which remained secure from unauthorized access.
Those confirmed to be affected by the incident will be notified directly. WH Smith indicates that special measures to support them will be put in place. This will likely include identity protection services.
The notification to the London Stock Exchange includes few details and the company did not share the nature of the incident, which could be a ransomware attack.
The company has not yet determined how many people have been affected.
Although there are no details on the date of the attack, it can be concluded that the intrusion occurred after January 18, the date of the company’s last commercial update, which did not mention no cyber attack. According to BBCthe incident happened earlier this week.
Cyberattacks in the UK this year
The UK has seen several high-profile ransomware attacks since the start of the year, leading to severe business disruption and significant data breaches in some cases.
A notable example is the attack on Yum! Brands On January 19, which forced the company to close 300 KFC, Pizza Hut, Taco Bell and The Habit Burger Grill restaurants in the UK.
On January 30, the British sportswear chain JD Sports revealed that it suffered a data breach after hackers compromised its servers and stole the online ordering information of ten million customers.
On February 7, the LockBit ransomware gang claimed responsibility for the cyberattack against royal mailUK’s largest courier delivery service provider, forcing the company and its customers to suffer lengthy outages.