UK high street retailer The Works has shut some of its stores following a “cyber security incident” which saw hackers gain unauthorised access to its systems.
According to a statement issued by the firm, which has over 500 stores across the country selling a range of cut-price books, art and craft materials, gifts, and stationery, the attack has caused issues with payment tills which have forced the closure of some stores:
There has been some limited disruption to trading and business operations, including the closure of some stores due to till issues. Replenishment deliveries to the Group’s stores were suspended temporarily and the normal delivery window for the fulfilment of online orders was extended, but store deliveries are expected to resume imminently and the normal online service levels are progressively being reintroduced.
While customers are experiencing longer delivery times for online orders, some stores are reported to only be accepting cash.
According to the retailer, customers have not had their payment card details exposed as a result of the security breach:
“All debit and credit card payment data are processed securely outside the group’s systems, via accredited third-party networks, and, therefore, there is no risk that this payment data has been accessed improperly.”
The Works says that it was “alerted to the incident by the operation of its security firewall,” and has disabled all internal and external access to its systems – including email – while it investigates the hack with an external team of cybersecurity experts.
In its statement, The Works has not confirmed that it suffered a ransomware attack and there is no indication that it has received a demand for cash from its attackers.
However, some media outlets are claiming that sources close to the incident are saying that computer systems were hit with ransomware after an employee fell victim to a malicious email.
The Works says that it has “made some immediate protective changes to further strengthen its security position,” and has informed the Information Commissioner’s Office (ICO) in case any customer data might have been exposed by the breach.