JD Wetherspoon, the pub of choice for those seeking a cheap pint and no music to distract them, has confessed to a database hack that occured over six months ago, affecting the personal details of more than 650,000 customers.
The vast majority of data compromised was names and email addresses; there was also “very limited” credit and debit card information accessed in the hack which took place in June but has only just come to light.
The database had details – including names, dates of birth, email addresses and phone numbers – of 656,723 customers, although the firm claims only 100 customers have had their bank card data stolen. They had bought Wetherspoon vouchers online between January 2009 and August 2014, the company said.
Only the last four digits of payment cards were obtained in the hack as the remaining digits were not stored in Wetherspoon’s database, chief executive John Hutson maintained.
In a letter to customers, Hutson apologised and advised customers to “remain vigilant for any emails that you are not expecting that specifically ask you for personal or financial information, or request you to click on links or download information”.
The hack occured between 15 and 17 June on the pub chain’s old website, which has since been replaced.
Hutson added: “We have taken all necessary measures to make our website secure again following this attack. A forensic investigation into the breach is continuing.”
5m customers hit as kids’ toy firm Vtech is hacked
TalkTalk chief hits back: we’re just the punchball
TalkTalk under fire as 4m customers hit by hack
Storm clouds gather over Experian
Breach fuels call to fire Experian boss