WH Smith has been the target of a cyber-attack in which company data was accessed illegally, including the personal details of current and former employees, the retailer has revealed.
The books and stationery chain said there was no impact on trading and its website, and that customer accounts and the customer database were on separate systems and “unaffected by this incident”.
The attack comes just under a year after a cyber-attack on WH Smith’s Funky Pigeon website forced it to stop taking orders for about a week.
WH Smith said on Thursday it had “immediately launched an investigation, engaged specialist support services and implemented our incident response plans, which included notifying the relevant authorities” after the latest incident.
“WH Smith takes the issue of cybersecurity extremely seriously and investigations into the incident are ongoing. We are notifying all affected colleagues and have put measures in place to support them,” the company said.
The retailer said it was trading strongly and would report its half-year financial results on 20 April.
In January, Royal Mail was forced to ask customers to stop sending parcels and letters to overseas destinations after a cyber incident caused “severe service disruption” to international exports. And in December, the Guardian asked most staff to work from home after it was hit by a ransomware attack in which the personal data of UK staff members was accessed.
According to a government report last year, two in five UK businesses had reported cybersecurity breaches or attacks in the previous 12 months.
In 2018, the government estimated that cybercrime costs the UK economy £28bn a year. However, the scale of the problem is thought to be growing as business is increasingly carried out online, with organised criminal gangs and state actors involved in attacks. The increase in cybercrime aimed at individuals was fuelled in recent years by scams exploiting the pandemic.