A cyberattack has been launched against the high street merchant WH Smith, and the data of some of its employees has been accessed by the attackers.
The names, addresses, National Insurance numbers, and dates of birth of the company’s present and former employees in the UK are among the sensitive information that may have been compromised.
However, according to WH Smith’s statement, the company’s website, customer accounts, and customer information are unaffected.
The business announced that it had begun an investigation into the matter and had informed the appropriate authorities of the occurrence.
According to their website, “WH Smith takes cyber security very seriously,” and “investigations into the incident are still going on.“
We are in the process of notifying all of the affected coworkers and have taken steps to provide assistance for them.
It added: “There has been no effect on the group’s commercial operations as a result of this. Our website, as well as customer accounts and the databases that support those accounts, are hosted on different systems, so they are unaffected by this incident.”
The retailer WH Smith did not disclose how many of its current and previous employees were impacted by the data breach that occurred earlier this week.
A request for feedback has been sent to the Information Commissioner’s Office (ICO), which is a watchdog organization that investigates data breaches.
According to Lauren Wills-Dixon, an expert in data privacy legislation at the law firm Gordons, “retailers are particularly at risk from cybercriminals because of the large volume of customer and employee data they often hold.”
“Because retailers are so dependent on the faith and confidence of the general public, which cyber incidents threaten to undermine, there is also an increased risk to their reputation and the possibility that it will be disrupted. As a result of this, the retail industry is an enticing target.”
According to what she said, attacks on the data of employees “have the potential to be more damaging than other breaches given the categories and amount of data employers hold about their staff.”
According to Ms Will-Dixon, a leak of this nature can then result in an increased risk of identity fraud for the individuals whose information was exposed.
Already in 2018, there have been two instances of cybercrime directed against prominent UK businesses.
During the month of January, Royal Mail was the victim of a ransomware attack that was connected to Russia. As a result, international deliveries were severely hampered for several weeks.
The same month, the sportswear chain JD Sports announced that it had been the target of a cyberattack that had the potential to place the personal information of 10 million of its customers in jeopardy.
The online greeting card business Funky Pigeon, which is owned by WH Smith, was the victim of a cyberattack in April of the previous year. As a result of the attack, the company was unable to process orders for several days.