UK retailer WH Smith struck by cyberattack
U.K. retailer WH Smith PLC has been struck by a cyberattack that resulted in the theft of some company data.
The form of cyberattack was not disclosed, with the company only describing it as a “cyber security incident” in a notice today to the London Stock Exchange. WH Smith ticked off the standard response list of launching an investigation, hiring a third-party forensic specialist and implementing its incident response plan, including notifying relevant authorities.
WH Smith said there had been no impact on its trading activities and that its website, customer accounts and underlying databases were unaffected by the incident as they were on separate systems. Any individuals affected by the attack will be contacted directly by the company.
No hacking group has taken responsibility for the attack. However, given data was stolen, there’s a possibility that it could have been a ransomware attack, though one that affected only a limited number of systems at WH Smith. Ransomware gangs in 2023 regularly steal data as part of the modus operandi and then demand a ransom payment for an encryption key and a promise not to publish the stolen data.
“While details of the hack are limited at present, it does show how criminals are increasingly attacking U.K. organizations across a variety of industries solidifying the fact that no vertical or size or organization is safe from attacks,” Javvad Malik, lead awareness advocate at security awareness training company KnowBe4 Inc., told SiliconANGLE.
John Stevenson, senior product marketing manager at enterprise cybersecurity solutions provider Skybox Security Inc., said the attack serves as a prime example of the importance of understanding the network attack surface.
“While the details are still sketchy, it seems likely the attackers have accessed personally identifiable information from corporate databases,” Stevenson said. “This might be because the attackers have exploited a network path into those databases, perhaps because instances of the data have been poorly secured in the cloud.”
In any event, Stevenson added, the results can be devastating for the individuals concerned. “While less newsworthy than ransomware attacks or the theft of credit card information, the theft of PII exposes the individual to the possibility of repeated and highly targeted attacks, as well as exposing the organization [to the] risk of being penalized by the Information Commissioners Office,” he said.