Big British High Street Retailer Attacked

Uploaded on 2023-03-03 in TECHNOLOGY--Hackers, FREE TO VIEW

Leading British high Street retailer WH Smith has announced that it has been attacked and that the hackers have accessed current and former members of staff’s data including names, addresses, National Insurance numbers and birth dates. 

The books and stationery chain have not say how many of its current and former employees had been affected by the breach, which took place earlier this week. 

The retailer published an alert issued to the London Stock Exchange on 2 March, telling investors of this cyber security attack.

The company employs about 10,000 people in the UK across its High Street stores and outlets at railway stations and airports. An investigation has been launched into the attack with support from third-party cyber security experts.

Relevant authorities have been informed per the company's incident response plan. “WH Smith takes the issue of cyber security extremely seriously and investigations into the incident are ongoing,” the company said in its statement. “We are notifying all affected colleagues and have put measures in place to support them... There has been no impact on the trading activities of the group. Our website, customer accounts and underlying customer databases are on separate systems that are unaffected by this incident,” it said.

Highlighting the importance of authenticating identities, Jasson Casey, CTO at Beyond Identity commented. "Hackers no longer break in using sophisticated techniques. They simply log in. Eighty percent of data breaches start with a password-based attack. While MFA was supposed to fix this issue, first generation MFA that uses one time code, magic links or push notifications are now easily bypassed." Casey recommends that organistaions transition to modern passwordless, and phishing resistant Multifactor Authentication (MFA) technoques to keep customer accounts and internal systems secure.    

WH Smith said it has notified the Information Commissioner’s Office and relevant authorities about the latest hack. Similar attacks are a growing problem for UK businesses, with a number of high profile hacks  - in January, Royal Mail was hit by a cyber incident which caused “severe service disruption” to international exports for almost six weeks.  

Also commenting, Keiron Holyome, VP UKI & Emerging Markets at BlackBerry said “This attack on WH Smith underscores that the global cyber risk equally applies to British retailers.  Organisations need better cyber hygiene as criminals are increasingly being attracted by stores of sensitive data and information... Even after recent high-profile hacks, like that on Royal Mail, it is highly worrying that vulnerabilities still plague giant companies like WH Smith."

ITPro:     Guardian:    BBC:     Independent:       Sky:    Yahoo:

You Might Also Read: 

Employees Blame Their Employer For Data Theft:

___________________________________________________________________________________________

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible

 

« The Office Workplace ln The Hybrid World
Banning Ransomware Payments - Will It Work?  »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

Mastercard

Mastercard

MasterCard is a leading global payments solutions company that serves consumers and businesses in over 210 countries and territories worldwide.

ABB

ABB

ABB is a pioneering technology leader in industrial digitalization. Services include cyber security for industrial control systems IoT.

AFCON Control & Automation

AFCON Control & Automation

AFCON is a leading global provider of software solutions and services for the smart management of Control & Automation systems in the age of Digital Transformation.

Cyber Security Audit Corp (C3SA)

Cyber Security Audit Corp (C3SA)

C3SA specializes in architecting, operating, managing and improving defensible and resilient IT infrastructures for Canada's public and private sectors.

CERT-PH

CERT-PH

CERT-PH is the National Computer Emergency Response Team and the highest body for cybersecurity related activities in the Philippines.

Strategic Cyber Ventures (SCV)

Strategic Cyber Ventures (SCV)

SCV grow cybersecurity companies that disrupt advanced cyber adversaries and revolutionize the cyber product marketplace.

Ensighten

Ensighten

Ensighten is a leader in Website Security & Privacy Compliance. Protect your website from malicious attacks, monitor & detect vulnerabilities, protect consumer data.

Privacera

Privacera

Privacera enables consistent data governance, security, and compliance across all your data services - on-premises and in the cloud - so you can maximize the value of your data.

White Hawk Software

White Hawk Software

White Hawk provides code tamper-proofing solutions to protect mission critical software applications from malicious and Zero day attacks and reverse engineering at run time.

Cyber Coaching

Cyber Coaching

Cyber Coaching is a community for enhancing technical cyber skills, through unofficial certification training, cyber mentorship, and personalised occupational transition programs.

Network Perception

Network Perception

Network Perception proactively and continuously assures the security of critical OT assets with intuitive network segmentation verification and visualization.

Association for Uncrewed Vehicle Systems International (AUVSI)

Association for Uncrewed Vehicle Systems International (AUVSI)

AUVSI is the world's largest nonprofit organization dedicated to the advancement of uncrewed systems and robotics. Focus areas include cyber security for uncrewed systems and robotics.

Core4ce

Core4ce

Core4ce is a mission-oriented company that serves as a trusted partner to the national security community.

Allure Security

Allure Security

Allure Security AI-driven brand protection scans more of the online world for faster, more accurate detection & removal of spoof websites, social media & mobile apps -- before customers fall victim.

Acumenis

Acumenis

At Acumenis, we help organisations of all sizes to manage information security effectively. Our key services are penetration testing, ISO 27001 implementations, and security

Corgea

Corgea

Corgea is AI-powered security platform that finds, triages and fixes your insecure code.