article featured image


PLC (also known as TheWorks.co.uk PLC) is a discount retailer with headquarters in the United Kingdom that distributes a wide variety of products such as books, art and craft supplies, gifts, toys, games, and stationery.

What Happened?

Following a cyber-security breach involving illegal access to its computer systems, the UK retail chain The Works reported that it was forced to close many locations due to till difficulties created by the attack.

According to the notification, there aren’t many specifics regarding the nature of the event, but it seems to have resulted in the suspension of replenishment deliveries, the extension of online order fulfillment periods, and the breach of the security of payment transactions.

In order to solve this final issue, The Works has recently transitioned to new third-party credit and debit card payment processors, which the firm believes are secure and reliable.

The Works.co.uk plc (LSE: WRKS), the multi-channel value retailer of arts, crafts, toys, books and stationery, confirms it has been subject to a cyber security incident involving unauthorised access to its computer systems.

There has been some limited disruption to trading and business operations, including the closure of some stores due to till issues. Replenishment deliveries to the Group’s stores were suspended temporarily and the normal delivery window for the fulfilment of online orders was extended, but store deliveries are expected to resume imminently and the normal online service levels are progressively being reintroduced. The Company does not currently anticipate that this incident will have a material adverse impact on its forecasts or financial position.

Customers can continue to shop safely at The Works, both in store and online. All debit and credit card payment data are processed securely outside the Group’s systems, via accredited third-party networks and, therefore, there is no risk that this payment data has been accessed improperly.

Since being alerted to the incident by the operation of its security firewall, the Company has taken several immediate actions to protect the business and its customers:

  • As a precautionary measure, the Company disabled all internal and external access to its systems, including email, whilst it worked with its advisors to evaluate and rectify the situation
  • External forensic cyber security experts have been appointed whose investigations and recovery work are ongoing
  • To protect customers and the business, the company has made some immediate protective changes to further strengthen its security position
  • Whilst payment data has not been compromised, it has not yet been possible to establish the full extent to which any other data may have been affected. Therefore, as a precautionary measure, we have informed the Information Commissioner’s Office.


Several emergency procedures have been implemented to cope with the onslaught, according to BleepingComputer, including barring all internal and external access to IT systems and forwarding email communications to third-party providers.

As a result of the event, the firm has also hired a team of forensics and cyber security professionals to analyze the situation and assist with the systems recovery.

If you liked this article, follow us on LinkedInTwitterFacebookYoutube, and Instagram for more cybersecurity news and topics.

Author Profile

Dora Tudor

Cyber Security Enthusiast

linkedin icon

Dora is a digital marketing specialist within Heimdal™ Security. She is a content creator at heart - always curious about technology and passionate about finding out everything there is to know about cybersecurity.

Leave a Reply

Your email address will not be published. Required fields are marked *

Protect your business by doing more with less

Book a Demo