JD Wetherspoon database of 656,723 punters hit by cyber attack
An old database containing the details of 656,723 JD Wetherspoon customers has been hacked, the pub chain has confirmed.
JD Wetherspon has revealed that while the cyber attack occurred in the middle of June, it was only made aware at the start of this week that customer information had been accessed illegally by a third party.
“Unfortunately, the breach occurred without our knowledge and remained undetected until now,” JD Wetherspoon confirmed.
The company has said that for almost all customers “no financial data was involved in the hacking and no passwords were obtained” but the credit and debit card details of 100 customers, who had purchased Wetherspoon vouchers online before August 2014, had been accessed.
The security breach relates to information on an old website, which has since been replaced.
The company said that only the last four digits of customer card numbers were obtained. Other information, such as the customer names and expiry dates on the cards, were not compromised.
“As a result, these credit/debit card details cannot, on their own, be used for fraudulent purposes," the company said.
Staff personal details were also stolen, but not salary, bank, tax or national insurance information.
“We apologise wholeheartedly to customers and staff who have been affected,” said John Hutson, Wetherspoon chief executive.
“Unfortunately, hacking is becoming more and more sophisticated and widespread. We are determined to respond to this by increasing our efforts and investment in security and will be doing everything possible to prevent a recurrence.”
JD Wetherspoon said that it notified the Information Commissioner’s Office and has confirmed that it started telling customers of the security breach this week.