Big British High Street Retailer Attacked

Uploaded on 2023-03-03 in TECHNOLOGY--Hackers, FREE TO VIEW

Leading British high Street retailer WH Smith has announced that it has been attacked and that the hackers have accessed current and former members of staff’s data including names, addresses, National Insurance numbers and birth dates. 

The books and stationery chain have not say how many of its current and former employees had been affected by the breach, which took place earlier this week. 

The retailer published an alert issued to the London Stock Exchange on 2 March, telling investors of this cyber security attack.

The company employs about 10,000 people in the UK across its High Street stores and outlets at railway stations and airports. An investigation has been launched into the attack with support from third-party cyber security experts.

Relevant authorities have been informed per the company's incident response plan. “WH Smith takes the issue of cyber security extremely seriously and investigations into the incident are ongoing,” the company said in its statement. “We are notifying all affected colleagues and have put measures in place to support them... There has been no impact on the trading activities of the group. Our website, customer accounts and underlying customer databases are on separate systems that are unaffected by this incident,” it said.

Highlighting the importance of authenticating identities, Jasson Casey, CTO at Beyond Identity commented. "Hackers no longer break in using sophisticated techniques. They simply log in. Eighty percent of data breaches start with a password-based attack. While MFA was supposed to fix this issue, first generation MFA that uses one time code, magic links or push notifications are now easily bypassed." Casey recommends that organistaions transition to modern passwordless, and phishing resistant Multifactor Authentication (MFA) technoques to keep customer accounts and internal systems secure.    

WH Smith said it has notified the Information Commissioner’s Office and relevant authorities about the latest hack. Similar attacks are a growing problem for UK businesses, with a number of high profile hacks  - in January, Royal Mail was hit by a cyber incident which caused “severe service disruption” to international exports for almost six weeks.  

Also commenting, Keiron Holyome, VP UKI & Emerging Markets at BlackBerry said “This attack on WH Smith underscores that the global cyber risk equally applies to British retailers.  Organisations need better cyber hygiene as criminals are increasingly being attracted by stores of sensitive data and information... Even after recent high-profile hacks, like that on Royal Mail, it is highly worrying that vulnerabilities still plague giant companies like WH Smith."

ITPro:     Guardian:    BBC:     Independent:       Sky:    Yahoo:

You Might Also Read: 

Employees Blame Their Employer For Data Theft:

___________________________________________________________________________________________

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible

 

« The Office Workplace ln The Hybrid World
Banning Ransomware Payments - Will It Work?  »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

Academic Centres of Excellence in Cyber Security Research

Academic Centres of Excellence in Cyber Security Research

The ACE-CSRs scheme is part of the UK Government’s National Cyber Security Strategy, working with academia and industry to make the UK more resilient to cyber attacks.

Asigra

Asigra

Asigra provides an industry leading cloud backup and recovery software platform called Asigra Cloud Backup.

Veridify Security

Veridify Security

Veridify Security (formerly SecureRF), develops and licenses quantum-resistant, public-key security tools for the low-resource processors powering the Internet of Things.

Roke Manor Research

Roke Manor Research

Roke is a world-class electronics engineering consultancy. Areas of expertise include cyber security, cyber assurance and cryptographic solutions.

AppViewX

AppViewX

AppViewX is a global leader in the management, automation and orchestration of network services in data centers.

NetGuardians

NetGuardians

NetGuardians is a leading Fintech company recognized for its unique approach to fraud and risk assurance solutions.

Innotec Security

Innotec Security

Innotec Security is a Spanish company specializing in cybersecurity-as-a-service, cyber resilience and cyber risk management.

Quorum Cyber

Quorum Cyber

Quorum Cyber offer end-to-end cyber security solutions, specialising in Managed Security Services, Consulting and Resourcing.

Inogesis

Inogesis

Inogesis helps blue-chip organisations harness disruptive technologies and thinking to drive new revenues or overcome challenges by connecting them with dynamic small companies.

CERT NZ

CERT NZ

CERT NZ supports businesses, organisations and individuals affected by cyber security incidents, and provide trusted and authoritative information and advice.

Cellopoint

Cellopoint

Cellopoint is a leading manufacturer of information security and email lifecycle management (ELM) products.

Alpine Security

Alpine Security

Alpine Security provides penetration testing, security assessments and cybersecurity training services.

Polaris Infosec

Polaris Infosec

Polaris Web Presence Protection (WPP) is powered by our proprietary artificial intelligence and machine learning engine to ensure that attacks are stopped before they affect your business.

Strata Identity

Strata Identity

Strata is pioneering identity orchestration to unify on-premises and cloud-based authentication and access systems for consistent identity management in multi-cloud environments.

Intelligent Technical Solutions (ITS)

Intelligent Technical Solutions (ITS)

We help businesses manage their technology. Intelligent Technical Solutions provide you with the right technical solution, so you can get back to running your business.

GreenPages Technology Solutions

GreenPages Technology Solutions

GreenPages provide expert strategic guidance and proven cloud-era solutions for our clients. Every day we help organizations leverage the cloud securely with less risk and cost.