Privacy Ninja

UK Retail Chain The Works Shuts Down Stores After Cyberattack

UK Retail Chain The Works Shuts Down Stores After Cyberattack

UK retail chain The Works announced it was forced to shut down several stores due to till issues caused by a cyber-security incident involving unauthorized access to its computer systems.

The discount retailer operates 530 stores in the United Kingdom and Ireland, selling books, toys, stationery, art, and craft materials, and has an annual revenue of about $300 million.

The announcement doesn’t go into many details about the nature of the incident, but it appears to have interrupted replenishment deliveries, extended online order fulfillment times, and compromised the safety of payments.

Also Read: A Closer Look: The Personal Information Protection Law in China

Emergency measures

The Works has since switched to new third-party credit and debit card payment processors to address this last problem, which the company claims are safe.

“Customers can continue to shop safely at The Works, both in (physical) stores and online,” mentions the firm’s notice of the cyber security incident

“All debit and credit card payment data are processed securely outside the Group’s systems, via accredited third-party networks and, therefore, there is no risk that this payment data has been accessed improperly.”

The company also underlines that the network intruders do not seem to have accessed client payment data based on initial investigations of the attack.

However, the scenario of compromised customer information cannot be ruled out yet, so the Information Commissioner’s Office has also been alerted about the incident.

The Works has taken a few emergency measures to deal with the cyberattack, such as disabling all internal and external access to IT systems and passing email communications to external providers.

The company has also appointed a team of forensics cyber security experts to investigate the impact of the incident and help with recovery.

Also Read: Battling Cyber Threats in 4 Simple Ways

Bleeping Computer has emailed The Works to learn more about the cyber attack, but we have not received a response yet.

In December 2021, a cyberattack against the IT systems of a SPAR distributor in the UK caused a similar result, forcing 330 stores in the country to close or switch to cash-only payments.

Card payment processing systems appear to be the first thing affected in these cyberattacks, primarily due to the overall compromise in IT system security.

Still, according to The Works, the ongoing situation is “unlikely to have a material adverse impact on its forecasts or financial position.” That is to say, the business disruption will be minimal.



Subscribe to our mailing list to get free tips on Data Protection and Data Privacy updates weekly!

Personal Data Protection


We have assisted numerous companies to prepare proper and accurate reports to PDPC to minimise financial penalties.


Click one of our contacts below to chat on WhatsApp

× Chat with us