Retailer WH Smith reports cyberattack, says employee data compromised

WH Smith said Thursday that it was the target of a cybersecurity incident in which attackers were able to access company data.

In a notice filed with the London Stock Exchange’s Regulatory News Service, the retailer said that current and former employee data had been compromised. About 12,500 people work for the company.

“Upon becoming aware of the incident, we immediately launched an investigation, engaged specialist support services and implemented our incident response plans, which included notifying the relevant authorities,” the filing said. The company did not specify a date for the attack.

WH Smith, which runs more than 1,700 stores primarily in the United Kingdom, is a regular on most of the country’s high streets, where it sells magazines, stationery, books and sweets.

The nature of the cyberattack was not disclosed, although the confirmation that employee data was accessed is consistent with the behavior of a number of ransomware gangs.

A spokesperson for the company told The Record they were unable to provide any more details at the time.

WH Smith’s regulatory statement said that its investigations into the incident are ongoing and that it is notifying “all affected colleagues” and has “put measures in place to support them.”

“There has been no impact on the trading activities of the Group. Our website, customer accounts and underlying customer databases are on separate systems that are unaffected by this incident,” the statement added.

There have been multiple cyberattacks on private sector businesses this year, including one which closed nearly 300 fast-food restaurants operated by Yum! Brands, an American company which owns KFC, Pizza Hut and Taco Bell. Canadian bookseller Indigo said Wednesday that a recent hack had exposed employee data. 

The United Kingdom and United States last month sanctioned seven people connected to ransomware attacks in what was described as the first major move of a “new campaign of concerted action” to tackle the criminal industry.

The move has been long-awaited. As of last November, ransomware incidents had been responsible for the majority of the British government’s recent crisis management “Cobra” meetings attended by officials across different government departments.

British government sources dealing directly with the ransomware issue told The Record they saw no light at the end of the tunnel, even of the prospect of any improvements which could help the U.K. clamp down on the problem.

At the time they said they were seeing “an increasingly successful business model” with “ransom demands increasing” and “payments increasing” and it becoming “harder to avoid paying a ransom because the entire ecosystem is pushing that way.”