WhSmith Employee Data Merged in Cyber Attacks

UK Retailer WhSMITH Subjected to Cyberattack, Personal Data of Employees Compromised

WhSMITH, a British retailer with a centuries-old history, has fallen victim to a cyberattack in which the attackers have gained access to the company’s internal data. The incident is being investigated, and preliminary information suggests that the hackers have accessed the personal data of both existing and former employees. However, the attack did not impact the performance of the company’s services.

WhSMITH, founded in 1792, is one of the largest retail sellers of books, newspapers, and magazines in the UK. The company also deals in other merchandise, such as stationery, gifts, and toys. WhSMITH is a public company, and its shares are traded on the London Stock Exchange.

A spokesperson for the company said, “We notify all the affected employees and take measures to support them. There was no impact on the group’s trading activities. Our website, customer accounts, and customer databases are in separate systems that are not affected by this incident.”

Currently, the company employs over 12,500 people, and the number of victims of the attack may be much larger when considering the data of former employees.

Richard Hollis, CEO of Risk Crew cybersecurity company, commented on the situation, stating that the information provided by WhSMITH regarding the hack suggests that the criminals have acquired names, addresses, dates of birth, and social insurance numbers of the employees. Though Hollis acknowledged that no trading data was compromised, he still spoke out about the data breach relatively harshly.

“Although it is encouraging that financial information was not compromised, this does not make the leak any less serious. Once a data leakage occurs, people cannot easily move or change their name, so this information is now forever in the hands of criminals. Attackers can use this data for fraud, including sending plausible phishing emails in an attempt to steal additional information,” Hollis explained.

In early February, a cyber attack using extortion on Lockbit was aimed at the largest Canadian bookstore, Indigo. At the time, the company announced that the hackers could gain access to the personal data of customers, but later issued a statement on their official website refuting this information and stating that the attackers had only acquired data of some employees of the company. Apparently, the attack on WhSMITH has turned out to be more severe.

/Reports, release notes, official announcements.