2 min

The cyberattack resulted in the theft of some company data.

On Thursday, UK retail group WH Smith announced that it had been the victim of a cyberattack. The company did not disclose the exact nature of the attack, but the official “notice of cybersecurity incident” it issued to the London Stock Exchange admitted that the hackers gained “illegal access to some company data, including current and former employee data”.

The notice also included what has become the standard corporate response to such cyberattacks. “Upon becoming aware of the incident, we immediately launched an investigation, engaged specialist support services and implemented our incident response plans, which included notifying the relevant authorities”, the company said.

“WH Smith takes the issue of cyber security extremely seriously and investigations into the incident are ongoing”, the company assures us. “We are notifying all affected colleagues and have put measures in place to support them”.

The notice also says that there was “no impact on the trading activities” and that the company’s website, customer accounts and underlying customer databases are on separate systems and thus “unaffected by this incident”.

Possible ransomware attack

“While details of the hack are limited at present, it does show how criminals are increasingly attacking U.K. organizations across a variety of industries solidifying the fact that no vertical or size or organization is safe from attacks,” Javvad Malik, lead awareness advocate at security awareness training company KnowBe4, told SiliconANGLE.

As of this writing, no hacking group has taken responsibility for the attack, and WH Smith has not reported receiving any ransom requests for the data that was exfiltrated. Nonetheless, the fact that data was stolen implies a possible ransomware operation, even if it is a modest one given that only a limited number of systems at WH Smith were hit.

Ransomware attackers generally steal data and then demand a ransom payment in return for an encryption key that allows the victim to recover the lost data. The malefactors may also threaten to publish the stolen data if the ransom is not paid.