High street retailer WHSmith has been targeted by a cyber attack which saw hackers access company data – including current and former employee information.
The store said the hack has not impacted its trading activities and stressed its website, customer accounts and customer databases are on unaffected separate systems.
WHSmith, which operates shops on the high street and at airports and railway stations, says it has immediately launched an investigation, engaged specialist support services and notified the relevant authorities.
The retailer said: “Upon becoming aware of the incident, we immediately launched an investigation, engaged specialist support services and implemented our incident response plans, which included notifying the relevant authorities.”
WHSmith is the latest retailer to be targeted by hackers
PA
It added: “WH Smith takes the issue of cyber security extremely seriously and investigations into the incident are ongoing.
“We are notifying all affected colleagues and have put measures in place to support them.”
It is the latest cyber attack in recent months after a wave of other hacks on firms such as the Royal Mail and JD Sports.
Royal Mail’s international postal service suffered huge disruption after hackers targeted the group.
Sports store JD Sports warned in January that around 10 million people might have had their addresses, phone numbers and email addresses stolen – among other things – in a hack.
According to Jake Moore, Global Cyber Security Advisor at security firm ESET many cyber attacks are being carried out by ransomware gangs.
“Large companies are regularly targeted but it is significant to have a succession of big names being brought down recently," he told The Guardian.
"If company data has been accessed, it could be used as a bargaining tool to maximise the cybercriminals’ ransom demands.
"The fact it potentially includes employee information it could increase the amount dramatically. It is likely that if this was a ransomware attack then the restoration process worked efficiently.
"However, attackers now tend to steal sensitive information as insurance in case their encryption plans are not as successful or impactful.”
In April last year, online greeting card company Funky Pigeon, which is owned by WHSmith, was also hit by a cyber-attack which left it unable to process orders for several days.
You may like
