UK retailer says security breach has not given hackers access to customer payment data
A cyber-attack targeting The Works has caused the closure of some of the retailer’s stores, delayed the resupply of stock and online order deliveries to customers.
The cut-price seller of books, crafts and toys, which operates 520 stores across the UK, said the security breach of its computer systems had not given hackers access to any customer payment data.
“There has been some limited disruption to trading and business operations, including the closure of some stores due to till issues,” the company said. “Replenishment deliveries to the group’s stores were suspended temporarily and the normal delivery window for the fulfilment of online orders was extended, but store deliveries are expected to resume imminently and the normal online service levels are progressively being reintroduced.”
The company said that as a precaution it had disabled internal and external access to its computer systems, including email, while it “works with its advisers to evaluate and rectify the situation”.
The Works said all debt and credit card transactions were processed outside its own systems by third parties so customer payment data had not been compromised by the attack.
“Customers can continue to shop safely at The Works, both in store and online,” the company said. “There is no risk that this payment data has been accessed improperly.”
However, the company, which has hired forensic cybersecurity experts to investigate the hack, said it did not yet know if other data had been accessed.
“While payment data has not been compromised, it has not yet been possible to establish the full extent to which any other data may have been affected,” the company said. “Therefore, as a precautionary measure, we have informed the Information Commissioner’s Office.”
The London-listed business, which celebrated its 40th anniversary last year, said it did not anticipate the cyber-attack would have a material adverse impact on its forecasts or financial position.