WH Smith Admits Staff Data Accessed In ‘Cyber Incident’

Book and stationary retailer WH Smith investigates a cyber security incident that led to illegal access to some company data

British high street retailer WH Smith has become the latest organisation that is dealing with a cyber security incident.

The Guardian newspaper quoted the retailer saying in a statement to the city, that a “cyber security incident” has resulted in illegal access to some company data, including current and former employee data.

WH Smith reportedly said it immediately launched an investigation, engaged specialist support services and notified the relevant authorities.

Whistleblower leak keyboard security breach © CarpathianPrince Shutterstock

Incident statement

The good news is that WH Smith says that its customer accounts and databases are not affected.

“WH Smith takes the issue of cyber security extremely seriously and investigations into the incident are ongoing,” the retailer was quoted by the Guardian as saying in a statement. “We are notifying all affected colleagues and have put measures in place to support them.”

“There has been no impact on the trading activities of the Group,” it added. “Our website, customer accounts and underlying customer databases are on separate systems that are unaffected by this incident.”

UK cyberattacks

UK organisations are increasingly dealing with cyberattacks, some of which are stemming from Russia.

For example the Russia-linked LockBit gang claimed responsibility for January’s ransomware attack on the Royal Mail and said it would publish stolen data if a ransom was not paid.

The attack shut down Royal Mail’s international export services for parcels and letters, causing significant delays.

In 2015 WH Smith admitted to a serious privacy mishap after a misconfigured web page triggered a mass email to its entire mailing list.

It has reportedly blamed the mistake on an “administrative error”. But the company angered many online when it insisted it was not a “data breach”.