Branch of WH Smith showing cyber attack impacted employee data

High Street Retailer WH Smith Suffers a Cyber Attack Leaking Employee Data

Travel and High Street retailer WH Smith suffered a cyber attack that leaked employee data of UK-based workers.

In a data breach notification filed with the London Stock Exchange, WH Smith said the incident leaked the data of current and former employees, but customer data was unaffected.

WH Smith promised to notify impacted individuals and support them during recovery.

Only UK employee data was leaked in the WH Smith cyber attack

WH Smith launched an investigation, hired third-party cyber forensics, and reported the cyber attack to the relevant authorities.

“Upon becoming aware of the incident, we immediately launched an investigation, engaged specialist support services and implemented our incident response plans, which included notifying the relevant authorities.”

Employee data leaked includes names, addresses, dates of birth, and National Insurance numbers.

“While less newsworthy than ransomware attacks or the theft of credit card information, the theft of PII exposes the individual to the possibility of repeated and highly targeted attacks, as well as exposing the organization risk of being penalized by the Information Commissioners Office (ICO),” said John Stevenson, Senior Product Marketing Manager at Skybox Security.

The Swindon, United Kingdom-based retailer did not disclose how many employees were impacted by the cyber attack. The company employs over 10,000 people across 1,700 locations in the United Kingdom.

However, the incident only affected current and former employees in the UK. WH Smith promised to notify all employee data leak victims and support them during recovery.

“WH Smith takes the issue of cyber security extremely seriously and investigations into the incident are ongoing. We are notifying all affected colleagues and have put measures in place to support them.”

Stolen employee data is invaluable to cybercriminals for targeting and committing fraud, including identity theft. With some workers having access to customer data, an employee data leak could allow hackers to take over their accounts and access customer and company data.

“Considering the data accessed, WH Smith workers will be an important line of defence in preventing further breaches,” said Oz Alashe, CEO at CybSafe. “They will need to be aware of the ways cyber criminals can access systems to get a hold of sensitive information, including their own personal data.”

However, WH Smith said the cyber attack had no material impact on the company, and trading activities continued unaffected. Additionally, WH Smith asserted that the attack did not expose customer data stored on a separate server.

“There has been no impact on the trading activities of the Group,” WH Smith said. “Our website, customer accounts and underlying customer databases are on separate systems that are unaffected by this incident.”

WH Smith has notified the UK Information Commissioner’s Office (ICO), which said it would launch an investigation into the cyber attack.

In April 2022, Funky Pigeon, a WH Smith subsidiary, suffered a cyber attack that disrupted order processing for nearly two weeks, including over the Easter weekend.

The incident leaked customer details such as names, email addresses, and card customizations.

Increasing cyber attacks in the United Kingdom

The United Kingdom is among the top targets for cyber attacks from hacking groups usually operating from Russia. According to a government report, the number of cyber attacks in the UK steadily increased between 2021 and 2022.

WH Smith employee data breach occurred hot on the heels of a LockBit ransomware attack on the UK-based logistics company Royal Mail, causing disruptions for weeks.

Another British retailer JD Sports disclosed a cyber attack that likely exposed the personal details of approximately 10 million people.

In January 2023, Yum! Brands, the owners of KFC, Pizza Hut, and Taco Bell, closed over 300 outlets in the UK after a cyber attack.

In December 2022, British media company The Guardian Media Group disclosed a ransomware attack that disrupted its IT infrastructure, forcing employees to work at home.

“While the details are still unclear, this breach marks yet another in a number of high-profile British businesses falling victim to cyber crime,” Alashe concluded.