Big British High Street Retailer Attacked

Uploaded on 2023-03-03 in TECHNOLOGY--Hackers, FREE TO VIEW

Leading British high Street retailer WH Smith has announced that it has been attacked and that the hackers have accessed current and former members of staff’s data including names, addresses, National Insurance numbers and birth dates. 

The books and stationery chain have not say how many of its current and former employees had been affected by the breach, which took place earlier this week. 

The retailer published an alert issued to the London Stock Exchange on 2 March, telling investors of this cyber security attack.

The company employs about 10,000 people in the UK across its High Street stores and outlets at railway stations and airports. An investigation has been launched into the attack with support from third-party cyber security experts.

Relevant authorities have been informed per the company's incident response plan. “WH Smith takes the issue of cyber security extremely seriously and investigations into the incident are ongoing,” the company said in its statement. “We are notifying all affected colleagues and have put measures in place to support them... There has been no impact on the trading activities of the group. Our website, customer accounts and underlying customer databases are on separate systems that are unaffected by this incident,” it said.

Highlighting the importance of authenticating identities, Jasson Casey, CTO at Beyond Identity commented. "Hackers no longer break in using sophisticated techniques. They simply log in. Eighty percent of data breaches start with a password-based attack. While MFA was supposed to fix this issue, first generation MFA that uses one time code, magic links or push notifications are now easily bypassed." Casey recommends that organistaions transition to modern passwordless, and phishing resistant Multifactor Authentication (MFA) technoques to keep customer accounts and internal systems secure.    

WH Smith said it has notified the Information Commissioner’s Office and relevant authorities about the latest hack. Similar attacks are a growing problem for UK businesses, with a number of high profile hacks  - in January, Royal Mail was hit by a cyber incident which caused “severe service disruption” to international exports for almost six weeks.  

Also commenting, Keiron Holyome, VP UKI & Emerging Markets at BlackBerry said “This attack on WH Smith underscores that the global cyber risk equally applies to British retailers.  Organisations need better cyber hygiene as criminals are increasingly being attracted by stores of sensitive data and information... Even after recent high-profile hacks, like that on Royal Mail, it is highly worrying that vulnerabilities still plague giant companies like WH Smith."

ITPro:     Guardian:    BBC:     Independent:       Sky:    Yahoo:

You Might Also Read: 

Employees Blame Their Employer For Data Theft:

___________________________________________________________________________________________

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible

 

« The Office Workplace ln The Hybrid World
Banning Ransomware Payments - Will It Work?  »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

Resecurity, Inc.

Resecurity, Inc.

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

InfoSec People

InfoSec People

InfoSec People is a boutique cyber and technology recruitment consultancy, built by genuine experts.

Micron Technology

Micron Technology

Micron is a global leader in the semiconductor industry providing memory and secure storage devices for Networks, Mobile devices and IoT applications.

Dtex Systems

Dtex Systems

Dtex combines endpoint visibility, targeted analytics, and analyst expertise to provide user threat detection.

National Agency for the Security of Information Systems (ANSSI) - France

National Agency for the Security of Information Systems (ANSSI) - France

The role of Agence Nationale de la Sécurité des Systèmes d'Information (ANSSI) is to foster a coordinated, ambitious, pro-active response to cybersecurity issues in France.

RPC

RPC

RPC is a business law firm. Practice areas include technology and cyber risk.

Apcon

Apcon

Apcon's mission is to provide valuable network insights that enable security and network professionals to monitor, secure and protect their data in both physical and virtual environments.

Jiran Security

Jiran Security

Jiran Security provides data and application security solution over email, mobile device and endpoints.

Seculert

Seculert

The Seculert Attack Detection & Analytics Platform combines machine-learning based analytics and threat intelligence to automatically detect cyber attacks inside the network.

SEON Technologies

SEON Technologies

At SEON we strive to help online businesses reduce the costs, time, and challenges faced due to fraud.

Lineal Services

Lineal Services

Lineal supports clients in meeting their digital forensics, cyber security and eDiscovery needs by providing bespoke solutions to complex problems.

VIQU Recruitment

VIQU Recruitment

VIQU Recruitment was formed with the primary focus of providing 'Smarter People Solutions' to the UK’s professional IT & Cyber Security markets.

Active Navigation

Active Navigation

Active Navigation is a data privacy and governance software company.

Arqit Quantum

Arqit Quantum

Arqit's mission is to use transformational quantum encryption technology to keep safe the data of our governments, enterprises and citizens.

6WIND

6WIND

6WIND deliver virtualized, cloud-native, distributed high performance & secure networking software solutions to support new applications such as 5G, IoT, SD-WAN.

Kodem

Kodem

Our mission is to make AppSec simple. Meet the world’s first dynamic software composition analysis platform. Only Kodem uses runtime intelligence to determine application risk.

Reality Defender

Reality Defender

Reality Defender stops deepfakes before they become a problem. Our proprietary deepfake and generative content fingerprinting technology detects video, audio, and image deepfakes.