On Thursday, books to stationary retailer WH Smith has told the City that a “cyber security incident has resulted in illegal access to some company data, including current and former employee data.”
WH Smith, which runs shops on the high street and at airports and railway stations, says it has immediately launched a , engaged specialist support services and notified the relevant authorities.
WH Smith says that its customer accounts and databases are not affected, though.
In a statement to the City, it says: “WH Smith takes the issue of cyber security extremely seriously and investigations into the incident are ongoing. We are notifying all affected colleagues and have put measures in place to support them. There has been no impact on the trading activities of the Group. Our website, customer accounts and underlying customer databases are on separate systems that are unaffected by this incident.”
Such attacks are a growing problem for UK businesses, with a number of high profile hacks in recent weeks.
The incident did not impact its trading activities. According to a report by the BBC in January, Royal Mail was hit by a cyber incident which caused “severe service disruption” to international exports for almost six weeks. Data that may have been breached comprises of names, addresses, National Insurance numbers and dates of birth of the firm’s current and former UK staff.
Although, its website, customer accounts and customer databases are not affected, WH Smith said in a statement. The company said it had started an investigation and had told the relevant authorities of the incident.
“WH Smith takes the issue of cyber security extremely seriously and investigations into the incident are ongoing,” it said.
“We are notifying all affected colleagues and have put measures in place to support them.”
It added: “There has been no impact on the trading activities of the group. Our website, customer accounts and underlying customer databases are on separate systems that are unaffected by this incident.”
The retailer did not mention how many of its current and former employees had been impacted by the breach, which took place earlier this week. The company has a workforce of about 10,000 people in the UK across its High Street stores and outlets at railway stations and airports.
The Information Commissioner’s Office (ICO), a watchdog which probes into data breaches, said it was “aware of the incident and was investigating.”
An expert in data privacy law at law firm Gordons, Lauren Wills-Dixon, said retailers were at a larger risk of cyber-attack because of the large amount of data they hold on their customers and employees.
“There is also enhanced reputational risk and potential for disruption because retailers are so reliant on public trust and confidence, which cyber incidents threaten to undermine. This makes the retail sector an attractive target.”
