Register to get free articles
Want unlimited access? View Plans
Already have an account? Sign in
WH Smith has been hit by a large cyber security incident which has resulted in company data, including current and former employee data, being hacked by attackers.
The group said the attack had no impact on its trading activities, and that its website, customer accounts and customer databases were unaffected as they are run on separate systems.
It “immediately” launched an investigation once it was aware of the attack, and engaged specialist support services and implemented incident response plans, which included notifying the relevant authorities. It is also notifying any affected employees and has put measures in place to support them.
WH Smith said it “takes the issue of cyber security extremely seriously and investigations into the incident are ongoing”.
In its latest update, it noted that the strong trading performance detailed in its last trading update on 18 January has continued across the business, and it will release its half-year results in April.
The attack comes only weeks after JD Sports was hit by a cyber attack that saw the personal data of over 10 million customers exposed.
The exposed data was limited as the group does not hold full payment card data, with the group adding it had “no reason to believe that account passwords were accessed”.
The information that may have been accessed included the name, billing address, delivery address, email address, phone number, order details and the final four digits of payment cards of approximately 10 million unique customers.
