WH Smith investigates hacking attack after employee data stolen

WH Smith investigates hacking attack, after employee data stolen

British high street giant WH Smith has revealed that it has suffered a “cybersecurity incident,” which has seen hackers gain unauthorised access to its systems, and steal data including information related to current and former employees.

In its statement filed at the London Stock Exchange it doesn’t mention the word “ransomware” but I don’t think anyone would be surprised if that’s what happened.

The retailer, which has hundreds of stores across the United Kingdom says that its investigation into the incident is ongoing and that it takes “security extremely seriously.”

Does any company ever announce it’s been hacked *without* saying it takes security seriously? I don’t think so…

Whsmith notice

WH Smith says it is informing all affected employees, and has notified the relevant authorities.

Customer databases and WH Smith’s online presence are not affected according to the company.

Sign up to our free newsletter.
Security news, advice, and tips.

In due course we’ll no doubt learn more about what has happened, and the nature of the data which has been stolen by WH Smith’s attackers. Whether that will become clear through news released from WH Smith itself, or by a ransomware gang publishing details of what it has done on the dark web, remains to be seen…

Last year one of WH Smith’s subsidiaries, online greeting cards business Funky Pigeon, suffered its own cybersecurity incident after hackers gained access to its systems.

Found this article interesting? Follow Graham Cluley on Twitter or Mastodon to read more of the exclusive content we post.


Graham Cluley is a veteran of the cybersecurity industry, having worked for a number of security companies since the early 1990s when he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows. Now an independent analyst, he regularly makes media appearances and is an international public speaker on the topic of cybersecurity, hackers, and online privacy. Follow him on Twitter, Mastodon, Bluesky, or drop him an email.

What do you think? Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.