The company said part of its systems were affected by the hack, which took place on Thursday.
It insisted that no customer payment data was accessed but could give no such assurances about other personal details.
It marks the second attack on a retail name this month following a similar incident at arts, crafts and hobbies retailer The Works.
The Works says it is currently serving over 22.5 million customers annually
“The company has temporarily suspended orders from the website and is currently investigating the detail of the incident with external IT specialists.
“No customer payment data, such as bank account or credit card details, has been placed at risk – all of this data is processed securely via accredited third-parties and is securely encrypted.
“We are currently investigating the extent to which any personal data, specifically names, addresses, e-mail addresses and personalised card and gift designs has been accessed.”
The company said it did not expect the incident to have a “material impact on the financial position of the WH Smith Group”.
Shares were 1% down in early deals.
Read more:
Funkypigeon.com suspends orders after ‘cyber security incident’