In a notice to the London Stock Exchange dated 02/03/23, WHSmith has announced that they have been on the receiving end of a cyber security incident.
The statement doesn’t reveal the nature of the incident, it just states that they have “been the target of a cyber security incident which has resulted in illegal access to some company data, including current and former employee data.”
Investigations into the nature of the attack are currently being investigated, but at the moment the company says that there has been no impact on the trading activities of the Group and that the website, customer accounts and underlying customer databases are on separate systems that are unaffected by this incident
The company has not revealed how many of its employees (current and former) had been affected by the breach, which is believed to have occurred earlier this week.
The company currently employs around 10,000 people across its High Street stores and outlets at railway stations and airports.
Not the 1st attack on the group
This is not the 1st attack aimed at the WHSmith group in the last 12 months.
Back in April 2022, the groups online card business – funky Pigeon.com was targeted in an attack which rendered the business unable to fulfill orders towards the end of April and the Easter weekend.
At the time of that incident, the company said it was writing to all customers from the past 12 months to inform them of the attack, saying that no payment data was at risk and it did not believe account passwords had been affected.
As a precautionary measure, the took its systems offline and was therefore unable to fulfill any orders
Due to the nature of the funky pigeon attack, the company said at the time: “As soon as we discovered the incident, we launched a forensic investigation led by external experts to understand the incident and whether there has been any impact on customer data.”
“We are currently investigating the extent to which any personal data – specifically names, addresses, email addresses and personalised card and gift designs – has been accessed.”