The Works responds to cyber-attack

05 Apr 2022
Kieran

UK-based retailer The Works is currently dealing with the impacts of a cyber security incident, involving “unauthorized access to its computer systems”. The cyber-attack has resulted in the organization having to shut some stores due to till issues, while it also reported limited disruption to its trading and business operations.

“Replenishment deliveries to the Group's stores were suspended temporarily and the normal delivery window for the fulfilment of online orders was extended, but store deliveries are expected to resume imminently and the normal online service levels are progressively being reintroduced. The company does not currently anticipate that this incident will have a material adverse impact on its forecasts or financial position,” said the company in a statement.

With regards to the organization’s response to the incident, it has reportedly taken several steps after being alerted to the attack by its security firewall. This included disabling all internal and external access to its systems, including email, while the business worked with external advisors to evaluate the attack. It has also appointed forensic cyber-security experts to investigate and undergo recovery work.

The organization also noted that it “has made some immediate protective changes to further strengthen its security position.” Alongside this, it has contacted the Information Commissioner's Office (ICO) as a precautionary measure as it is yet to establish the full extent of the attack and if any other data may have been affected.

Going forwards, the organization has stated that customers can continue to shop safely both online and in-store. “All debit and credit card payment data are processed securely outside the Group's systems, via accredited third-party networks and, therefore, there is no risk that this payment data has been accessed improperly.”

From the organization’s actions following the incident, which they became aware of last week[1], it seems clear that they had a plan in place to ensure business continuity in the event of this type of cybersecurity incident. The impact on its business also appears to have been kept to a minimum, with only 5 stores out of 526 impacted and deliveries expected to resume shortly. The nature of having payment data processed via a third-party network has also reduced the chance of private data exposed to the hackers, but regardless contacting the ICO as early as possible in the process is a positive step.

[1] https://www.bbc.co.uk/news/business-60993635

The Works responds to cyber-attack

More on

About the author

Kieran Matthews

Events

AI Ethics - A New Factor in Business Continuity

Business Continuity & Resilience Awareness Week (BCAW+R) 2025

The Rise of generative AI: Exploring Responsible and Productive Uses for Resilience Practitioners

News

BCI World Hybrid 2025 Programme Advisory Group (PAG)

Northern Europe: A resilience case study

Building resilience against blackouts: Lessons from Europe's critical infrastructure disruption

You may also be interested in

BCI Operational Resilience Report 2025

BCAW+R 2025 Posters

Unlocking Operational Resilience with Digital Solutions

6 Ways to Incorporate AI into Business Continuity

BCAW+R 2025 Toolkit

BCI Equality, Diversity and Inclusion (EDI) in resilience White Paper Series 2025

BCI White Paper: Reputation at risk: strategies for strengthening reputational resilience in a crisis

Integrated Resilience: A new standard for preparedness

BCI Emergency & Crisis Communications Report 2025

How to Make Business Continuity Part of Your Organizational DNA

The Dynamics of BCM: Where art meets science in solutions design

Telecoms cyber attack live crisis exercise

BCI A Year in the World of Resilience Report 2024 - EMEA Launch

BCI A Year in the World of Resilience Report 2024

BCI Global Awards 2024 Ceremony

Building and maintaining a long distance Mentor/Mentee relationship

Mentor/Mentee relationships as a springboard

Back to the Future Mentoring

New BCI Course Launch: Stakeholder Engagement for Resilience Professionals

BCI Mentoring: From diversity to unity

The mutual benefits of mentoring

Bidirectional Mentoring

BCI Supply Chain Resilience Report 2024

BCI Continuity and Resilience Report 2024

WiR: Continuity Chat - Training and exercising: How'd you do it?

Enhancing cybersecurity through exercises

Lunch & Learn with BCI Thought Leadership: Cyber Resilience

BCI A Career in Resilience Report 2024 Launch

New BCI Course Launch: Introduction to Operational Resilience

BCI A Career in Resilience Report 2024

BCI Europe Awards 2024 - Virtual Ceremony

BCI World Hybrid 2024 - ROI Guide

The BCI Update Series: Cyber Resilience Report 2024

What is the state of operational resilience across the world

Integrating EDI within business continuity planning to build resilience

Learning from the past to prepare for the future

Resilience & technology - A resilience maturity journey

Resilience and innovation: leveraging technology & AI to build resilience

Managing crises with emergency services tools and public inquiries

The role of corporate training in changing organizational culture