Big British High Street Retailer Attacked

Leading British high Street retailer WH Smith has announced that it has been attacked and that the hackers have accessed current and former members of staff’s data including names, addresses, National Insurance numbers and birth dates. 

The books and stationery chain have not say how many of its current and former employees had been affected by the breach, which took place earlier this week. 

The retailer published an alert issued to the London Stock Exchange on 2 March, telling investors of this cyber security attack.

The company employs about 10,000 people in the UK across its High Street stores and outlets at railway stations and airports. An investigation has been launched into the attack with support from third-party cyber security experts.

Relevant authorities have been informed per the company's incident response plan. “WH Smith takes the issue of cyber security extremely seriously and investigations into the incident are ongoing,” the company said in its statement. “We are notifying all affected colleagues and have put measures in place to support them... There has been no impact on the trading activities of the group. Our website, customer accounts and underlying customer databases are on separate systems that are unaffected by this incident,” it said.

Highlighting the importance of authenticating identities, Jasson Casey, CTO at Beyond Identity commented. "Hackers no longer break in using sophisticated techniques. They simply log in. Eighty percent of data breaches start with a password-based attack. While MFA was supposed to fix this issue, first generation MFA that uses one time code, magic links or push notifications are now easily bypassed." Casey recommends that organistaions transition to modern passwordless, and phishing resistant Multifactor Authentication (MFA) technoques to keep customer accounts and internal systems secure.    

WH Smith said it has notified the Information Commissioner’s Office and relevant authorities about the latest hack. Similar attacks are a growing problem for UK businesses, with a number of high profile hacks  - in January, Royal Mail was hit by a cyber incident which caused “severe service disruption” to international exports for almost six weeks.  

Also commenting, Keiron Holyome, VP UKI & Emerging Markets at BlackBerry said “This attack on WH Smith underscores that the global cyber risk equally applies to British retailers.  Organisations need better cyber hygiene as criminals are increasingly being attracted by stores of sensitive data and information... Even after recent high-profile hacks, like that on Royal Mail, it is highly worrying that vulnerabilities still plague giant companies like WH Smith."

ITPro:     Guardian:    BBC:     Independent:       Sky:    Yahoo:

You Might Also Read: 

Employees Blame Their Employer For Data Theft:

___________________________________________________________________________________________

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible


 

« The Office Workplace ln The Hybrid World
Banning Ransomware Payments - Will It Work?  »

CyberSecurity Jobsite
Check Point

Directory of Suppliers

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

Swivel Secure

Swivel Secure

Swivel Secure is an award winning provider of multi-factor authentication solutions.

CS Group

CS Group

CS Group offers a complete range of security solutions from consultancy to security maintenance and from secure infrastructure design to security governance.

SAI360

SAI360

SAI360 (formerly SAI Global) provide products and services for enterprise risk management including Governance, Risk & Compliance and Digital Risk solutions.

Averon

Averon

Averon's technology is the new gold standard for digital identity - the easiest, fastest and most secure verification solution for users on both WiFi and LTE.

Acalvio Technologies

Acalvio Technologies

Acalvio provides Advanced Threat Defense (ATD) solutions to detect, engage and respond to malicious activity inside the perimeter.

IoT M2M Council (IMC)

IoT M2M Council (IMC)

The IMC is the largest and fastest-growing trade organisation in the IoT/M2M sector.

CyberSwarm

CyberSwarm

CyberSwarm is developing a neuromorphic System-on-a-Chip dedicated to cybersecurity which helps organizations secure communication between connected devices and protect critical business assets.

QuillAudits

QuillAudits

QuillAudits offers advanced Ethereum, EOS, TRON smart contract audit, blockchain protocol security and formal verification to ensure your platform’s integrity.

Authomize

Authomize

Authomize aggregates identities and authorization mechanisms from any applications around your hybrid environment into one unified platform so you can easily and rapidly manage and secure all users.

Informatics International

Informatics International

Informatics is a leading ICT provider in Sri Lanka, providing cutting-edge software & infrastructure solutions and services including cyber security.

QGroup

QGroup

QGroup has been re-designing the consultancy industry since 2012. We're a rapidly expanding group of consulting companies that deliver bespoke IT services including cybersecurity.

Zeva

Zeva

Zeva solves complex identity and encryption challenges for the federal government and corporations around the globe.

Advantage

Advantage

Advantage exists to provide peace of mind in an evolving technology reliant world. We were created by visionaries who for nearly 4-decades have been passionate about providing world-class solutions.

VP Techno Labs

VP Techno Labs

VP Techno Labs is an award-winning cybersecurity firm focusing only cybersecurity to develop cutting edge solutions for emerging business.

Firesand

Firesand

Based in Milton Keynes, Firesand Ltd provides penetration testing services to improve your cyber security and protect your company against hackers.

Cork

Cork

Cork is a purpose-built cyber warranty company for managed service providers (MSPs) serving small businesses (SMBs) and the software solutions they manage.