The Works suffered cyber attack
The value retailer which stocks arts, crafts, toys, books and stationery confirmed it was subject to a cyber security attack on Monday 28 March which involved unauthorised access to its computer systems.
Some stores were closed due to till issues while stock deliveries were suspended. Customers are also facing longer delivery periods as a result.
However, The Works confirmed all debit and credit card payment data are not affected as this is processed outside the group’s systems via accredited third-party networks.
“There is no risk that this payment data has been accessed improperly”, it said so customers aren’t advised to change pin numbers or alert their banks. It added that customers can continue to shop safely in-store and online and that it doesn’t “anticipate that this incident will have a material adverse impact on its forecasts or financial position”.
Since it was alerted by its security firewall, the company said it disabled internal and external access to its systems, including email, while it investigated and rectified the situation.
It has also appointed external forensic cyber security expects and has informed the Information Commissioner’s Office (ICO) about the attack.
The ICO can assess cases, close cases with advice, or it can enforce a monetary penalty notice up to a maximum of £17m in the most serious of cases.