JD Wetherspoon hit by cyber attack, 650,000 customers were targetStaff writer ▼ | December 5, 2015
British pub operator JD Wetherspoon is taking action after discovering that some customer and staff information has been accessed illegally by a third party.
Security UK pub operator saw an attack on the old website
As regards almost all customers, no financial data was involved in the hacking and no passwords were obtained for any customers. For a tiny minority of 100 customers, who purchased Wetherspoon vouchers online before August 2014, extremely limited credit/debit card details were accessed.
Wetherspoon has alerted customers to the situation by email and has also instructed a leading cyber security specialist to conduct a full forensic investigation into the breach.
Only the last four digits of the card numbers were obtained, since the remaining digits were not stored in the database. Other information, such as the customer name and the expiry date was not compromised. As a result, these credit/debit card details cannot, on their own, be used for fraudulent purposes.
Some personal staff details, registered before 10th November 2011, were stolen, but no salary, bank, tax or national insurance information was accessed.
The Information Commissioner's Office (ICO), which regulates data protection, has been notified of the breach.
Wetherspoon chief executive John Hutson said: We apologise wholeheartedly to customers and staff who have been affected.
"Unfortunately, hacking is becoming more and more sophisticated and widespread. We are determined to respond to this by increasing our efforts and investment in security and will be doing everything possible to prevent a recurrence." ■