WH Smith Cyberattack: Employee Data Stolen in Data Breach

British retail chain WH Smith has announced that it has suffered a cyberattack that resulted in the theft of personal information belonging to current and former employees.

The company has over 1,700 locations across the UK and employs over 12,500 people. WH Smith reported revenue of $1.67 billion in 2022.

Details on the WH Smith Cyberattack

The company’s cybersecurity notice filed with the London Stock Exchange states that the cyberattack resulted in illegal access to some company data, including employee data.

Upon discovering the breach, WH Smith launched an investigation, engaged specialist support services, and implemented incident response plans that included notifying relevant authorities.

The company has assured customers that its trading business has not been impacted by the cyberattack. Customer data was not compromised because it is stored on separate systems that remain safe from unauthorized access.

However, the company has not disclosed how many individuals have been affected by the data breach. Those confirmed to be impacted will be notified directly, and the company will put special measures in place to support them, which could include identity protection services.

WH Smith Cyberattack and how it is being handled?

The cybersecurity notice filed with the London Stock Exchange provides few details about the incident, and the company has not disclosed the nature of the attack.

It is unclear when the cyberattack occurred, but it is believed to have happened after January 18, the date of the company’s last trading update, which did not mention any cyberattack. According to the BBC, the incident happened earlier this week.

The UK has experienced several high-profile ransomware attacks since the beginning of the year, resulting in significant business disruptions and extensive data leaks in some cases. WH Smith Cyberattack is now another victim that is being added to that list of cyberattack victims.

Notable examples include the attack on Yum! Brands on January 20, which forced the closure of 300 KFC, Pizza Hut, Taco Bell, and The Habit Burger Grill restaurants in the UK.

On January 30, British sports apparel chain JD Sports disclosed that it suffered a data breach, and on February 7, the LockBit ransomware gang claimed responsibility for the cyberattack on Royal Mail, the UK’s leading mail delivery services provider, resulting in lengthy outages for the company and its customers.

Subscribe to our newsletter for daily alerts on cyber events, you can also follow us on Facebook, Linkedin, and Twitter. You can reach out to us via Twitter/ Facebook or mail us at admin@thecybersecuritytimes.com for advertising requests.