WH Smith investigates hacking attack after employee data stolen

WH Smith investigates hacking attack, after employee data stolen

British high street giant WH Smith has revealed that it has suffered a “cybersecurity incident,” which has seen hackers gain unauthorised access to its systems, and steal data including information related to current and former employees.

In its statement filed at the London Stock Exchange it doesn’t mention the word “ransomware” but I don’t think anyone would be surprised if that’s what happened.

The retailer, which has hundreds of stores across the United Kingdom says that its investigation into the incident is ongoing and that it takes “security extremely seriously.”

Does any company ever announce it’s been hacked *without* saying it takes security seriously? I don’t think so…

Whsmith notice

WH Smith says it is informing all affected employees, and has notified the relevant authorities.

Customer databases and WH Smith’s online presence are not affected according to the company.

Sign up to our free newsletter.
Security news, advice, and tips.

In due course we’ll no doubt learn more about what has happened, and the nature of the data which has been stolen by WH Smith’s attackers. Whether that will become clear through news released from WH Smith itself, or by a ransomware gang publishing details of what it has done on the dark web, remains to be seen…

Last year one of WH Smith’s subsidiaries, online greeting cards business Funky Pigeon, suffered its own cybersecurity incident after hackers gained access to its systems.


Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "The AI Fix" and "Smashing Security" podcasts. Follow him on Bluesky and Mastodon, or drop him an email.

What do you think? Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.