British retailer WH Smith has suffered a data breach that exposed information belonging to current and former employees.
The company operates 1,700 locations across the United Kingdom and employs over 12,500 people, reporting a revenue of $1.67 billion in 2022.
Customer data is safe
“WH Smith PLC has been the target of a cyber security incident which has resulted in illegal access to some company data, including current and former employee data,” reads the company’s cybersecurity notice filed with London’s Stock Exchange.
“Upon becoming aware of the incident, we immediately launched an investigation, engaged specialist support services, and implemented our incident response plans, which included notifying the relevant authorities” – WH Smith
The company states that the attack did not impact its trading business. Customer data was not affected because this information is stored on separate systems that remained safe from unauthorized access.
Individuals confirmed to be impacted by the incident will be notified directly. WH Smith says that special measures to support them will be put in place. This presumably will include identity protection services.
The notification to London’s Stock Exchange includes few details and the company did not share the nature of the incident, which could be a ransomware attack.
The company has also yet to determine how many individuals have been impacted.
Although there are no details about the date of the attack, it can be concluded that the intrusion occurred after January 18, the date of the last trading update from the company, which did not mention any cyberattack. According to the BBC, the incident happened earlier this week.
Cyberattacks in UK this year
The United Kingdom has had several high-profile ransomware attacks since the beginning of the year, resulting in severe business disruptions and extensive data leaks in some cases.
A notable example is the attack on Yum! Brands January 19 that forced the firm to close down 300 KFC, Pizza Hut, Taco Bell, and The Habit Burger Grill restaurants in the UK.
On January 30, British sports apparel chain JD Sports disclosed that it suffered a data breach after hackers compromised its servers and stole the online order information of ten million customers.
On February 7, the LockBit ransomware gang took responsibility for the cyberattack on Royal Mail, UK’s leading mail delivery services provider, forcing the company and its customers to sustain lengthy outages.