Big British High Street Retailer Attacked

Leading British high Street retailer WH Smith has announced that it has been attacked and that the hackers have accessed current and former members of staff’s data including names, addresses, National Insurance numbers and birth dates. 

The books and stationery chain have not say how many of its current and former employees had been affected by the breach, which took place earlier this week. 

The retailer published an alert issued to the London Stock Exchange on 2 March, telling investors of this cyber security attack.

The company employs about 10,000 people in the UK across its High Street stores and outlets at railway stations and airports. An investigation has been launched into the attack with support from third-party cyber security experts.

Relevant authorities have been informed per the company's incident response plan. “WH Smith takes the issue of cyber security extremely seriously and investigations into the incident are ongoing,” the company said in its statement. “We are notifying all affected colleagues and have put measures in place to support them... There has been no impact on the trading activities of the group. Our website, customer accounts and underlying customer databases are on separate systems that are unaffected by this incident,” it said.

Highlighting the importance of authenticating identities, Jasson Casey, CTO at Beyond Identity commented. "Hackers no longer break in using sophisticated techniques. They simply log in. Eighty percent of data breaches start with a password-based attack. While MFA was supposed to fix this issue, first generation MFA that uses one time code, magic links or push notifications are now easily bypassed." Casey recommends that organistaions transition to modern passwordless, and phishing resistant Multifactor Authentication (MFA) technoques to keep customer accounts and internal systems secure.    

WH Smith said it has notified the Information Commissioner’s Office and relevant authorities about the latest hack. Similar attacks are a growing problem for UK businesses, with a number of high profile hacks  - in January, Royal Mail was hit by a cyber incident which caused “severe service disruption” to international exports for almost six weeks.  

Also commenting, Keiron Holyome, VP UKI & Emerging Markets at BlackBerry said “This attack on WH Smith underscores that the global cyber risk equally applies to British retailers.  Organisations need better cyber hygiene as criminals are increasingly being attracted by stores of sensitive data and information... Even after recent high-profile hacks, like that on Royal Mail, it is highly worrying that vulnerabilities still plague giant companies like WH Smith."

ITPro:     Guardian:    BBC:     Independent:       Sky:    Yahoo:

You Might Also Read: 

Employees Blame Their Employer For Data Theft:

___________________________________________________________________________________________

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible


 

« The Office Workplace ln The Hybrid World
Banning Ransomware Payments - Will It Work?  »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

Watch this webinar to hear security experts from Amazon Web Services (AWS) and SANS break down the myths and realities of what an NGFW is, how to use one, and what it can do for your security posture.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

Resecurity, Inc.

Resecurity, Inc.

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

XBOSoft

XBOSoft

XBOSoft is a software QA and testing company. We cover the entire QA and testing life cycle including software and application security.

RiskSense

RiskSense

RiskSense empowers enterprises and governments to reveal cyber risk, quickly orchestrate remediation, and monitor the results.

Advisen

Advisen

Advisen is the leading provider of data, media, and technology solutions for the commercial property and casualty insurance market including cyber risk.

BitRaser

BitRaser

BitRaser serves your needs for a managed & certified data erasure solution that can support internal & external corporate audit requirements with traceable reporting.

National Intelligence Service (NIS) - South Korea

National Intelligence Service (NIS) - South Korea

The NIS oversees policy on cyber security in South Korea by formulating and coordinating the execution of such policy and devising necessary schemes and guidelines.

Critifence

Critifence

Critifence provides unique Cyber Security solutions designed for Critical Infrastructure, SCADA and Industrial Control Systems.

OnSystem Logic

OnSystem Logic

OnSystem Logic has developed a unique, patent-pending solution to solve the problem of the exploitation of flaws in application software as a technique for cyber attacks.

Digital Management (DMI)

Digital Management (DMI)

DMI is a provider of mobile enterprise, business intelligence and cybersecurity services.

GuardRails

GuardRails

GuardRails provides continuous security feedback that empowers developers to find, fix, and prevent vulnerabilities.

iosiro

iosiro

iosiro was created to guide companies through securely using blockchain technologies. We help teams launch and manage ICOs, deploy secure dApps, and integrate private networks into business practices.

Netacea

Netacea

Netacea provides a revolutionary bot management solution that protects websites, mobile apps and APIs from malicious attacks such as scraping, credential stuffing and account takeover.

Secured Communications

Secured Communications

Secured Communications has developed the only unified secure communications platform trusted by public safety and counter terrorism professionals around the world.

Arcturus Security

Arcturus Security

Arcturus is a CREST-approved cyber security consultancy created by experts in the field.

ClosingLock

ClosingLock

ClosingLock is the leading provider of wire fraud prevention software for the real estate industry.

Ping Identity

Ping Identity

At Ping Identity, we believe in making digital experiences both secure and seamless for all users, without compromise. That’s digital freedom.

Northdoor

Northdoor

Northdoor provides a comprehensive set of services around information security and works with leading global technology vendors to deploy and manage cyber security solutions.