British high street chain WH Smith revealed earlier today that it was hit by a cyber-attack that resulted in the theft of company data.
In particular, the stationery and book chain said current and former employee data was accessed by the threat actors, including names, addresses, dates of birth and national insurance numbers. WH Smith added that it does not believe banking details were stolen during the attack.
“Upon becoming aware of the incident, we immediately launched an investigation, engaged specialist support services and implemented our incident response plans, which included notifying the relevant authorities,” the company said in a media statement.
According to Richard Hollis, CEO of security company Risk Crew, the fact that no financial information has been compromised does not make the breach any less severe.
“People can’t simply move house or change their name after a data breach, so this information is now in the hands of criminals forever. Attackers can use this data to commit identity fraud and also target victims with realistic phishing emails in a bid to steal further information,” he said.
Erfan Shadabi, a cybersecurity expert at comforte AG, echoed Crew’s point, adding that retailers and e-commerce organizations should continuously operate under the assumption that their environment is currently under attack and protect this sensitive data accordingly.
“Businesses in these sectors need to apply data-centric protection to any sensitive data within their ecosystem (PII, financial, and transactional) as soon as it enters the environment and keep it protected even as employees work with that data,” Shadabi explained.
“By tokenizing any PII or transactional data, they can strongly protect that information while preserving original data format, making it easier for business applications to support tokenized data within their workflows.”
The attack against WH Smith is only the latest to target UK-based entities recently, with this trend expected to continue. A report recently published by Digital Trust Insights suggested that a quarter of UK business leaders think cyber-threats will significantly increase this year.