Share news article

Share on facebook
Share on twitter
Share on linkedin
Share on email

Retail Giant WH Smith Cyberattack – Employee Data Stolen

W.H. Smith is the latest UK-based business to suffer a cyber attack, following the Royal Mail ransomware attack and data breach at JD Sports.

UK-based high street chain WH Smith has confirmed that it was targeted in a cyberattack resulting in the theft of employee data. Following the detection of the attack, WH Smith initiated an investigation in partnership with cybersecurity experts and implemented incident response strategies, including notifying relevant authorities.

What Data Was Stolen in WH Smith Hack

The hackers managed to access the retailer’s current and former employees’ information, including names, dates of birth, addresses, and national insurance numbers.

The stationary and book giant stated that currently there is no evidence that banking details were accessed during the attack. WH Smith also revealed that the hacking didn’t affect its trading activities, and its website, customer databases, and customer accounts were also unaffected because they were on separate systems.

However, Risk Crew’s CEO, Richard Hollis, says that even though financial data wasn’t compromised in the attack, it doesn’t make the incident any less concerning because of the involvement of the personal information of its employees.

In a comment to, Jasson Casey, CTO at Beyond Identity said, “This attack on WHSmith serves as yet another reminder that adversaries continue to ramp up their attacks.”

“Studies like the Verizon Data Breach Investigation Report confirm that threat actors are often taking advantage of outdated security measures that make it cheap and easy to pull off a successful attack,” Jasson added.

The CTO warned that “the unfortunate attack on WHSmith won’t be the last and should be the wake-up call that organisations need to fix outdated controls”

WH Smith’s Statement

In a media statement, WH Smith emphasized that it takes cybersecurity seriously and is currently notifying all affected employees and providing support to them.

WH Smith takes the issue of cyber security extremely seriously and investigations into the incident are ongoing. We are notifying all affected colleagues and have put measures in place to support them.

WH Smith

Meanwhile, experts are recommending that businesses in the retail sector implement data-centred protective measures to secure sensitive data like financial, transactional, and PII data.

The cyberattack on WH Smith is one of several recent attacks on UK-based businesses, with Royal Mail’s international postal services being offline for an extended period after a ransomware attack on the company.

  1. PayPal Notifies 35,000 Users of Data Breach
  2. Malware found in UK Govt-funded laptops for kids
  3. Reddit Hacked as Employee Bites on Phishing Scam
  4. Hackers disrupt UK’s Bristol Airport flight info screens
  5. Coinbase Employees Targeted by SMS Phishing Attack

Related News

Researcher create polymorphic Blackmamba malware with ChatGPT

Researcher create polymorphic Blackmamba malware with ChatGPT

The malware can target Windows, macOS and Linux devices. HYAS Institute researcher and cybersecurity expert, Jeff Sims, has developed a…
Owner of Breach Forums Pompompurin Arrested in New York

Owner of Breach Forums Pompompurin Arrested in New York

Pompompurin has been charged with a single count of conspiracy to commit access device fraud. Conor Brian Fitzpatrick (aka Pompompurin,…
New Vishing Attack Spreading FakeCalls Android Malware

New Vishing Attack Spreading FakeCalls Android Malware

The attack scheme begins with the FakeCalls malware masquerading as an online banking application of a reputable South Korean financial…