WH Smith investigates hacking attack after employee data stolen

1 year ago AndyC

British
high
street
giant
WH
Smith
has
revealed
that
it
has
suffered
a
“cybersecurity
incident,”
which
has
seen
hackers
gain
unauthorised
access
to
its
systems,
and
steal
data
including
information
related
to
current
and
former
employees.

In
its

statement
filed
at
the
London
Stock
Exchange
it
doesn’t
mention
the
word
“ransomware”
but
I
don’t
think
anyone
would
be
surprised
if
that’s
what
happened.

The
retailer,
which
has
hundreds
of
stores
across
the
United
Kingdom
says
that
its
investigation
into
the
incident
is
ongoing
and
that
it
takes
“security
extremely
seriously.”

Does
any
company
ever
announce
it’s
been
hacked
*without*
saying
it
takes
security
seriously?
I
don’t
think
so…

WH
Smith
says
it
is
informing
all
affected
employees,
and
has
notified
the
relevant
authorities.

Customer
databases
and
WH
Smith’s
online
presence
are
not
affected
according
to
the
company.

Sign
up
to
our
newsletter
Security
news,
advice,
and
tips.

In
due
course
we’ll
no
doubt
learn
more
about
what
has
happened,
and
the
nature
of
the
data
which
has
been
stolen
by
WH
Smith’s
attackers.
Whether
that
will
become
clear
through
news
released
from
WH
Smith
itself,
or
by
a
ransomware
gang
publishing
details
of
what
it
has
done
on
the
dark
web,
remains
to
be
seen…

Last
year
one
of
WH
Smith’s
subsidiaries,
online
greeting
cards
business
Funky
Pigeon,
suffered

its
own
cybersecurity
incident
after
hackers
gained
access
to
its
systems.

Found
this
article
interesting?

Follow
Graham
Cluley
on
Twitter
or

Mastodon
to
read
more
of
the
exclusive
content
we
post.

Graham
Cluley
is
a
veteran
of
the
anti-virus
industry
having
worked
for
a
number
of
security
companies
since
the
early
1990s
when
he
wrote
the
first
ever
version
of
Dr
Solomon’s
Anti-Virus
Toolkit
for
Windows.
Now
an
independent
security
analyst,
he
regularly
makes

media
appearances
and
is
an

international
public
speaker
on
the
topic
of
computer
security,
hackers,
and
online
privacy.
Follow
him
on
Twitter
at

@gcluley,
on
Mastodon
at

@[email protected],
or

drop
him
an
email.

About Author

AndyC

Andy Curtis is an award-winning security consultant, researcher and public speaker. He has been working in the computer security industry since the early 1990s, having been employed by state and federal government, leading healthcare and banking providers across three continents. He has given talks about computer security for some of the world’s largest companies, worked with law enforcement agencies on investigations into hacking groups, and is a regular voice on TV and radio explaining IT security threats.

See author's posts