WH Smith: Employee Data Compromised In Cyberattack

By   Adeola Adegunwa
Writer , Informationsecuritybuzz | Mar 03, 2023 08:18 am PST

WH Smith reports a cyberattack and claims that employee data was accessed. Attackers were able to obtain the company’s data during a cybersecurity breach, according to WH Smith, which was the target of the intrusion.

The store reported that information on both current and previous employees had been compromised in a notice submitted to the Regulation News Service of the London Stock Exchange. There are about 12,500 employees in the company.

According to the filing, “Upon learning of the event, we quickly initiated an investigation, engaged professional support services, and conducted our incident response policies, including alerting the necessary authorities. The company did not give the attack’s date.


The majority of the country’s high streets are frequented by WH Smith, which has more than 1,700 stores, mostly in the UK, and sells periodicals, stationery, books, and sweets.

Although the specifics of the cyberattack were kept under wraps, the confirmation that employee data had been accessed is in line with what several ransomware gangs have been doing. A firm representative informed me that they were unable to offer any additional information at the time.

According to WH Smith’s regulatory statement, the company is still looking into the event, has informed “all affected workers,” and has “placed measures in place to help them.”

“The Group’s trade activities have not been impacted. The statement said that “our website, customer accounts, and underlying customer databases are on different systems that are unaffected by this event.

Seemingly High Rate of Cyberattacks

This year has seen a number of cyberattacks on private sector companies, including one that resulted in the closure of roughly 300 fast food outlets run by Yum! The brand is an American firm that includes KFC, Pizza Hut, and Taco Bell. Indigo, a Canadian bookshop, revealed on Wednesday that employee data had just been compromised.

In what was referred to as the first significant measure of a “new campaign of concerted action” to combat the criminal enterprise, the United Kingdom and the United States last month sanctioned seven individuals linked to ransomware assaults.

It has been a long time coming. The majority of the British government’s most recent crisis management “Cobra” meetings, which officials from several government ministries attended, were caused by ransomware outbreaks as of late November.

According to British government insiders dealing directly with the ransomware problem, there is little hope for progress that could assist the U.K. in cracking down on the issue or even a light at the end of the tunnel.

At the time, they claimed to be witnessing “an increasingly effective business model” with “growing ransom demands,” “rising ransom payments,” and “harder to escape paying a ransom as the entire ecosystem is moving that direction.”


High-street retailer WH Smith in the UK has acknowledged that it was the subject of a hack that resulted in employee data theft. When the attack was discovered, WH Smith enlisted the help of cybersecurity professionals to launch an investigation and develop incident response plans, which included contacting the appropriate authorities. The retailer’s current and past employees’ names, dates of birth, residences, and social security numbers were all accessible to the hackers.

According to the massive stationary and book company, there is currently no proof that the attack allowed access to banking information. However, WH Smith disclosed that because its website, customer databases, and customer accounts were on distinct platforms, the intrusion had no impact on its trading activity. According to Risk Crew’s CEO, Richard Hollis, the participation of its employees’ personal information in the attack doesn’t make it any less alarming, even though no financial data was compromised.

Notify of
8 Expert Comments
Oldest Most Voted
Inline Feedbacks
View all comments
Keiron Holyome
InfoSec Expert
March 6, 2023 11:22 am

“This attack on WH Smith underscores that the global cyber risk equally applies to British retailers. Organisations need better cyber hygiene as criminals are increasingly being attracted by stores of sensitive data and information.”

“Even after recent high-profile hacks, like that on Royal Mail, it is highly worrying that vulnerabilities still plague giant companies like WH Smith. Cyber criminals are waiting for organisations and the public to drop their guard. We must not let them seize the opportunity.”
“Businesses should not have to suffer the effects of cyberattacks. Endpoint detection and response (EDR) focused solutions take action too late and do not prevent breaches. Prevention is the best strategy. With a prevention-first and AI-driven approach, malware can be stopped in its tracks. ”
“A prevention-first security posture begins with neutralising malware prior to the exploitation stage.. By stopping malware at the exploitation stage, organisations can increase their resilience, reduce infrastructure complexity, and streamline security management. We do not believe that there needs to be victims.”  

Last edited 6 months ago by Keiron Holyome
Richard Hollis
InfoSec Expert
March 6, 2023 11:21 am

“It seems not a week goes by without a big named brand making data breach headlines.
Based on the information available, the incident is putting current and former employee data at risk, and the data obtained by attackers relates to names, addresses, dates of birth and NI numbers.
While it’s reassuring that no financial information has been compromised, this doesn’t make the breach any less severe. People can’t simply move house or change their name after a data breach, so this information is now in the hands of criminals forever. Attackers can use this data to commit identity fraud and also target victims with realist phishing emails in a bid to steal further information.
Anyone impacted by this breach must tread with caution when it comes to emails that are asking for personal information.
Hopefully WH Smith will also provide some form of credit monitoring to victims, as this should help them identify any cases of fraud quickly.”

Last edited 6 months ago by Richard.Hollis
Martin Mackay
InfoSec Expert
March 6, 2023 11:16 am

“The retail industry continues to be a popular target for threat actors, due to the amount of personal data they hold, and the widespread impact attacks can have on the general population. Whilst this attack did not affect customers, like the attack last year on WH Smith, the incident is no less serious.
Stolen employee data usually ends up being sold on the dark web and can be used to commit further crimes such as fraud. It is an awful position for both the business and employees to be in – not knowing who has access to their personal data, and ultimately, what they could be using it for. 
For retail organisations it is crucial to use technologies such as unified SASE (Secure Access Service Edge). With networks being connected from employees, customers and other businesses, it is essential security teams gain complete visibility over all endpoints and devices connected to their network. There should also be extra security controls such as network segmentation, in place that helps to secure the most sensitive data stored in networks.”

Last edited 6 months ago by Martin.Mackay
Jason Gerrard
Jason Gerrard , Director, International Systems Engineering
InfoSec Expert
March 6, 2023 11:12 am

“The WHSmith cyber attack is a crucial reminder to all businesses that they should be taking a proactive approach to cybersecurity. This is far more efficient and cost-effective than relying on a reactive approach and simply responding to an attack that has already gained control of your system. Having the correct tools in place to identify threats early is essential. With some of the UK’s most high-profile organisations falling victim to cybercriminals in the last few months, it has never been more important for businesses to take cybersecurity seriously. 

“An early detection system, such as cyber deception, will put organisations one step ahead of the attacker. Decoys are deployed to throw the attacker off course and lure them to fake assets, rather than the real ones. Organisations are alerted as soon as the attacker enters the decoy IT environment so security teams can take immediate actions and isolate the asset. With response time significantly reduced, cybercriminals are far less likely to get into any real systems. If more security teams turn to this approach, fewer genuine attacks will occur and company and customer data will be significantly safer.”

Last edited 6 months ago by Jason.Gerrard
Chris Hauk
Chris Hauk , Consumer Privacy Champion
InfoSec Expert
March 6, 2023 11:08 am

“While we don’t yet know exactly what employee information was exposed, WH Smith employees should assume the worst. Employees should be on the alert for phishing scams and other targeted scams. They should also keep a close eye on their credit cards, bank accounts, and other financial accounts to help prevent bad guys from stealing their identities. Many credit card issuers and banks offer free credit monitoring. Hopefully, WH Smith will also provide some sort of monitoring services to employees.”

Last edited 6 months ago by Chris Hauk

Recent Posts

Would love your thoughts, please comment.x