WH Smith (SMWH.L) has said it has been the target of a cyber attack that has seen hackers access company data.
WH Smiths, which operates shops on the high street and at airports and railway stations, says it has immediately launched an investigation, engaged specialist support services and notified the relevant authorities.
WH Smiths says that its customer accounts and databases are not affected, though.
"WH Smith takes the issue of cyber security extremely seriously and investigations into the incident are ongoing. We are notifying all affected colleagues and have put measures in place to support them.
"There has been no impact on the trading activities of the Group. Our website, customer accounts and underlying customer databases are on separate systems that are unaffected by this incident," it said in a statement.
The firm said there would be no impact on its trading. Shares fell 1% to 1,571p.
Guy Golan, CEO and co-founder of cyber security firm Performanta, said: "Major brands such as WH Smith should assume they will be breached by cyber-attacks and have an appropriate plan in place to respond with. Previously, the common consensus was that if you invest in cybersecurity, you’re safe. But now it’s question of when an attack will occur, rather than if, and how ready household name brands are for that scenario.
"Major brands have a responsibility to prepare and respond appropriately. Incident response is relatively straightforward if you have the right systems and people in place. The biggest challenge is finding the origin of the attack (known as Indicators of Compromise) and reducing the impact. It can take weeks to identify the source of the issue, but less than a day to confirm there’s been a breach.
"Brands must communicate with the public every step of the way. Many fail to respond appropriately because they are not prepared and, likely, their systems are not up to the task. HR, legal, finance, marketing functions need to know what to do and the agreed processes to follow."
It comes amid a wave of cyber attacks in recent months, with Royal Mail’s (ROYMY) international postal service suffering lengthy disruption after hackers targeted the group.
A Russia-linked hacking gang has claimed credit for the cyberattack that has crippled Royal Mail and is threatening to publish stolen data from the company online.
The LockBit ransomware gang published an update on its official forum, warning it would publish "all available data" on 9 February.
A cyber attack that targeted JD Sports (JD.L) led to unauthorized access to a system that held customer information for some online orders done between November 2018 and October 2020.
The retailer said it was getting in touch with affected customers and alerting them to potential scams after notifying the Information Commissioner’s Office about the security incident.
Watch: Ways To Be Safe Online