High street retailer WH Smith has been hit by cyber-attackers, with hackers accessing some of its workers’ data. The company has confirmed that the cyber-attack has affected the data of current and former employees, but customer accounts and databases are unaffected.The extent of the data breach is currently under investigation, and it is unclear how many employees may be affected. The company has urged all staff members to remain vigilant and report any suspicious activity to their managers.
The information that might have been compromised comprises the names, addresses, National Insurance numbers, and dates of birth of both past and present employees of the company in the United Kingdom.
As of now, WH Smith has not found any evidence of the stolen information being misused or shared, and it has informed the Information Commissioner’s Office (ICO) and the National Cyber Security Centre (NCSC) about the attack.
In April 2022, WH Smith owned Funky Pigeon, a popular UK online card retailer, suffered a cyber attack that forced the company to stop taking orders. The attack resulted in the loss of nearly £20m in sales and wiped £6m off the brand’s EBITDA. The company’s systems were taken offline, which left customer data vulnerable. The full impact of the cyber attack on Funky Pigeon is still being assessed, and the company is currently implementing stronger cybersecurity measures to prevent similar incidents from happening in the future.
The cyber-attack on WH Smith highlights the increasing threat of cybercrime, which is becoming a major concern for businesses across the globe. As more businesses rely on technology for their operations, the risks of cyber-attacks continue to grow, and it is essential for businesses to implement robust cybersecurity measures to protect themselves against such attacks. Please check our cybersecurity report for more insights on the current cybersecurity landscape.
WH Smith is just one of the latest companies to be targeted by cyber-criminals, and it is a stark reminder of the need for businesses to be aware of the risks of cyber-attacks and take steps to protect their data and systems.
Several high-profile attacks have already occurred in 2023, causing significant disruptions to businesses and their customers.
One of the most notable attacks occurred inJanuary, when JD Sports, the popular sportswear retailer, was hit by a major cyber-attack that affected its online operations. The company’s website and app were taken offline, leaving customers unable to make purchases or access their accounts. JD Sports confirmed that the attack was caused by ransomware, and it is currently working to restore its online services.
Royal Mail, the UK’s leading mail delivery service, suffered a cyber attack in January 2023. A criminal group using the LockBit ransomware attacked the company’s systems and threatened to publish the stolen information online if a ransom was not paid. The incident caused severe disruption to the company’s international export services and forced the company to shut down some of its services to contain the damage . Royal Mail CEO Simon Thompson confirmed that the cyber attack was responsible for the disruption and the LockBit ransomware operation claimed responsibility for the attack.
In July 2022, Kaseya, an IT management software company, was hit by a ransomware attack that affected several of its customers. The attackers demanded a ransom of $70 million in exchange for the decryption key, but Kaseya refused to pay. The company has since implemented new security measures and is working to restore its customers’ systems.
In May 2022, Conti, a variant of the Ryuk ransomware, hit several US companies. The attackers demanded a ransom in exchange for the decryption key.