British high street giant WH Smith has revealed that it has suffered a “cybersecurity incident,” which has seen hackers gain unauthorised access to its systems, and steal data including information related to current and former employees.
In its statement filed at the London Stock Exchange it doesn’t mention the word “ransomware” but I don’t think anyone would be surprised if that’s what happened.
The retailer, which has hundreds of stores across the United Kingdom says that its investigation into the incident is ongoing and that it takes “security extremely seriously.”
Does any company ever announce it’s been hacked *without* saying it takes security seriously? I don’t think so…
WH Smith says it is informing all affected employees, and has notified the relevant authorities.
Customer databases and WH Smith’s online presence are not affected according to the company.
In due course we’ll no doubt learn more about what has happened, and the nature of the data which has been stolen by WH Smith’s attackers. Whether that will become clear through news released from WH Smith itself, or by a ransomware gang publishing details of what it has done on the dark web, remains to be seen…
Last year one of WH Smith’s subsidiaries, online greeting cards business Funky Pigeon, suffered its own cybersecurity incident after hackers gained access to its systems.
Found this article interesting? Follow Graham Cluley on Twitter or Mastodon to read more of the exclusive content we post.