Lauren Wills-Dixon Quoted by BBC and The Times Following WH Smith Cyber Incident

Lauren Wills-Dixon, solicitor at Gordons and data privacy expert has been quoted by BBC News and The Times following a cyber attack to hit the UK high street.  

Stationer and bookseller WH Smith is the latest high profile cyber attack victims of 2023 following incidents at JD Sports and Royal Mail in January.

Retailer JD Sports warned that around 10 million customers might have had their addresses, phone numbers and email addresses stolen and Royal Mail’s international deliveries suffered serious disruption after being hacked.

Following these incidents, Lauren appeared on BBC Breakfast and was quoted in The Guardian.

Commenting on retailers’ cyber risk profile, Lauren said: “Retailers are particularly at risk from cybercriminals because of the high volume of customer and employee data they often hold.

“There is also enhanced reputational risk and potential for disruption for retailers because they are so reliant on public trust and confidence which cyber incidents threaten to undermine, making them an attractive target.”

WH Smith reported that hackers accessed some of its workers’ data. Information that may have been breached including addresses, National Insurance numbers and dates of birth of the company’s current and former UK staff. The retailer reported that customer accounts and databases were not affected and there was no impact on trading activity.

Lauren added: “We are seeing more and more high-profile cyber attacks taking place in the retail sector. Statements to date suggest that in this case WH Smith employee and ex-employee data has been compromised.

“Whilst this may be a relief to customers, cyber attacks and personal data breaches involving staff data have the ability to be more damaging than other breaches given the categories and volume of data employers hold about their staff,”

The company did not say how many of its current and former employees had been affected by the breach. WH Smith operates 1,700 locations across the United Kingdom and employs over 12,500 people, reporting a revenue of £1.4 billion in 2022.

“Whilst we don’t have any specifics on the WH Smith data which has been compromised, these types of breaches can involve the unauthorised disclosure of sensitive information such as personnel files, health records, and identification documents which increase the risk of identity theft to affected individuals.

Sharing her thoughts on staying ahead of hackers, Lauren concluded: “All organisations are at risk and should take a holistic approach to dealing with cyber attacks, moving from pure mitigation efforts to incident response, business continuity and disaster recovery planning as well as taking stock on where data is held, how it is secured, and how long it is kept for.”

You can read Lauren’s comments on BBC News here and The Times here.

As more businesses turn to digital tech to support their customers, it is essential they have the right legal partner providing high-quality regulatory and data protection guidance. Find out more about what our data privacy lawyers can do for you.