WH Smith workers’ personal data accessed in second IT hack in a year
High street retailer WH Smith has been hit by its second cyber attack in less than a year after hackers accessed company data, including personal information for current and former employees.
The books and stationery chain confirmed the hack has seen a possible breach of staff payroll data such as names, addresses, dates of birth and national insurance numbers, though it does not believe banking details have been accessed.
WH Smith said only its UK workers have been impacted, but did not say how many employees have been affected.
The group employees around 10,000 staff in the UK across its high street stores, as well as a growing travel arm based at airports, hospitals and train stations.
It stressed the hack – which happened in the past few days – has not affected trading or seen customer information accessed, with its website, customer accounts and databases held on unaffected separate systems.
The group said it has launched an investigation into the incident and is notifying all affected workers.
It follows less than a year after the firm’s Funky Pigeon online card business was hacked, which left it unable to take orders for some weeks last April and over the Easter weekend.
WH Smith said it has notified the Information Commissioner’s Office and relevant authorities about the latest hack.
It said: “WH Smith takes the issue of cyber security extremely seriously and investigations into the incident are ongoing.
“We are notifying all affected colleagues and have put measures in place to support them.”
It comes amid a wave of cyber attacks in recent months, with Royal Mail’s international postal service suffering lengthy disruption after hackers targeted the group.
Retailer JD Sports also warned in January that around 10 million people might have had their addresses, phone numbers and email addresses stolen – among other things – in a hack.