Details of over 650,000 customer details stolen in hack, pub chain confirms
One of Britain’s largest pub chains has suffered a major cyber-attack in which hundreds of thousands of its customers had their personal details stolen.
JD Wetherspoon, which has over a thousand branches around the UK, confirmed that a third party has managed to steal the information from the database for an older version of its website.
Overall, as many as 656,723 customers could have had their data stolen, as Wetherspoon confirmed that the information was not encrypted.
The affected include including 100 customers who have had their credit and debit card information stolen after buying Wetherspoon vouchers online before August 2014, although the company says the data accessed was “extremely limited”, and only the last four digits of the card were visible.
Customers could have also have been put at risk by signing up to receive the JD Wetherspoon newsletter via the company website, by registering to use the public ‘The Cloud’ Wi-Fi network in its pubs and opting to receive company information, or by submitting a ‘Contact Us’ form on the company website.
Some personal staff details registered before November 2011 were also stolen in the hack, but no salary, bank, tax or national insurance information was accessed.
The company has informed the Information Commissioner’s Office (ICO) of the hack, and has alerted affected customers by email, as well as signing up a “leading cyber security specialist” to conduct a full forensic investigation into the breach.
“We apologise wholeheartedly to customers and staff who have been affected,” Wetherspoon chief executive John Hutson said in a statement.
“Unfortunately, hacking is becoming more and more sophisticated and widespread. We are determined to respond to this by increasing our efforts and investment in security and will be doing everything possible to prevent a recurrence.”
The breach is the latest to hit a major UK company in recent months, as hackers extend their reach to a wide range of targets.
Most notably, phone and Internet provider TalkTalk was hit by a major hack in October, with four percent of its users, or 157,000 customers, had personal details stolen, including 16,500 account details and 20,000 card details.
Are you a data breach expert? Take our quiz to find out!