WH Smith, Leading British Retailer, Confirms Data Breach Following Cyberattack - 1

WH Smith, Leading British Retailer, Confirms Data Breach Following Cyberattack

  • Written by Ari Denial Cybersecurity & Tech Writer

WH Smith, a retail company based in the UK, has experienced a security breach that has resulted in the exposure of data pertaining to both past and present employees.

With over 12,500 employees and a reported revenue of $1.67 billion in 2022, WH Smith operates 1,700 locations throughout the United Kingdom.

WH Smith’s cyberattack adds to a growing list of recent attacks on UK businesses, including a ransomware attack on Royal Mail’s international postal services that resulted in an extended period of downtime.

According to WH Smith, there is currently no indication that the cybercriminals accessed banking details in the attack. The retail chain also confirmed that the breach did not impact its trading operations. Its website, customer accounts, and customer databases remained unaffected as they are hosted on separate systems.

Despite the absence of financial data compromise in the cyberattack, Richard Hollis, CEO of Risk Crew, has expressed concern over the incident due to the exposure of personal information belonging to WH Smith’s employees.

Jasson Casey, CTO at Beyond Identity, emphasized the significance of the cyberattack on WH Smith as a further indication that cybercriminals are increasing the frequency and intensity of their attacks.

WH Smith has confirmed that its trading business was not impacted by the cyberattack. The retail company also assures that customer data remained secure as it is stored on separate systems that were not affected by the unauthorized access.

WH Smith has released a cybersecurity notice through London’s Stock Exchange, stating that the company experienced a cyber security incident resulting in unlawful access to certain company data, including data pertaining to both past and present employees.

According to WH Smith, “upon becoming aware of the incident, we immediately launched an investigation, engaged specialist support services, and implemented our incident response plans, which included notifying the relevant authorities.”

WH Smith has stated that it will directly notify individuals who have been impacted by the cyberattack and that it will provide special measures to support them, which may include identity protection services.

Data Stolen From the City of Oakland Leaked by Ransomware Group - 2

Data Stolen From the City of Oakland Leaked by Ransomware Group

  • Written by Ari Denial Cybersecurity & Tech Writer

The recent cyberattack on the City of Oakland, California has resulted in the Play ransomware gang leaking stolen data.

The declaration of a state of emergency by the City of Oakland, California, following a ransomware attack underscores the tangible impact cyberattacks can have, as services were disrupted due to leaking a multi-part RAR archive of 10GB, claimed to contain confidential documents, employee information, passports, and IDs.

The cyber-gang responsible for the attack uses a combination of encryption algorithms to secure the files, rendering them inaccessible without the decryption key. According to their claims, the hackers behind the Play Ransomware possess a “master key” that can decrypt all files affected by their malware. They also allege that they exfiltrate data from their victims before encrypting it and threaten to publish it online if the ransom is not paid within a specified time frame. The ongoing data leak involving the City of Oakland is a demonstration of this tactic.

Play Ransomware, which is also referred to as PlayCrypt, is a recently established ransomware operation that commenced its activities in June 2022. The ransomware adds the extension .play to the encrypted files and includes a note containing the term PLAY, as well as an email address for contacting the attackers, as stated by the cybersecurity company Avertium.

Following the ransomware attack on February 8th, the City’s IT systems were shut down until the network could be secured. Although emergency services and 911 were unaffected by the attack, numerous other systems were taken offline, including phone service, payment collection, report processing, and permit and license issuance.

The City of Oakland is collaborating with third-party specialists and law enforcement to address the situation and is closely monitoring the unauthorized third party’s assertions to assess their accuracy. In the event that the personal information of any individuals is discovered to be involved, they will be informed as per the applicable laws.

Although the perpetrator of the attack was initially unknown, it has been revealed, or at least claimed, that the Play Ransomware gang is responsible. Cybersecurity analyst and researcher, Dominic Alvieri, confirmed this on Twitter.