Why retailers’ data is proving a treasure trove for cyber attackers
UK high street retailer WHSmith is the latest firm to have fallen prey to cyber-attackers, as sensitive employee data was stolen from its networks last week.
According to the retailer, customer data was not affected as it is stored on a separate system.
However, the data of past and present staff – including names, addresses, National Insurance numbers and dates of birth were stolen with the probable intention of being sold on through the dark web.
“WHSmith takes the issue of cyber security extremely seriously and investigations into the incident are ongoing,” a spokesperson for the retailer stated.
“We are notifying all affected colleagues and have put measures in place to support them. There has been no impact on the trading activities of the group.”
While the identity of the attackers remains unclear at this stage, cyber professionals have long been warning retailers to up their defences to prevent data breaches, as the vast amounts of data they hold are a gold mine for cyber criminals.
“The retail industry continues to be a popular target for threat actors, due to the amounts of personal data they hold, and the widespread impact attacks can have on the general population,” noted Martin Mackay, CRO of cyber security firm Versa Networks.
“While this attack did not affect customers, like the attack last year on WHSmith, the incident is no less serious,” he added.
Mackay is referring to the WHSmith-owned online card company Funky Pigeon, which became a victim of a cyber attack that forced it to halt orders for two weeks last spring.
In its preliminary results for the financial year ended 31 August, WHSmith revealed that sales at the online retailer were down 35% at £35m, while EBITDA at the operation fell from £14m to £8m, “reflecting the cyber incident in April”.
Mackay explains that stolen employee data usually “ends up being sold on the dark web and can be used to commit further crimes such as fraud”.
“It is an awful position for both the business and employees to be in – not knowing who has access to their personal data, and ultimately, what they could be using it for,” he added.
To prevent these kinds of attacks, Mackay’s advises firms to use technologies such as unified SASE (Secure Access Service Edge).
“With networks being connected from employees, customers and other businesses, it is essential security teams gain compete visibility over all endpoints and devices connected to their network,” he said.
“So, there should also be extra security controls such as network segmentation in place that helps to secure the most sensitive data stored in networks,” he added.
According to Ceri Shaw, chief delivery officer at CodeClan, organisations should frequently update any software and security system to make certain that any vulnerabilities are patched.
Dominic Trott, head of strategy at Orange Cyberdefense, added that consolidation and automation could also play a role. He also advises employees have “at least a basic awareness of good security ‘hygiene behaviour’” such as updating strong passwords and being aware of spam emails.
“By doing so, retailers can ‘recruit’ employees to become the company’s first line of defence against security threats, protecting its infrastructure and customers from such attacks in the future,” he added.
So far this year fast food empire Yum! (parent of KFC and Pizza Hut) was forced to close around 300 restaurants across the UK after it fell victim to a cyber attack while the Royal Mail had to suspend overseas services following an attack which was suspected of being carried out by the LockBit ransomware operation.
To find out what enterprises to do tackle cyber-attacks and how they should they respond, read our special report
Subscribe to our Editor's weekly newsletter