The JD Wetherspoon pub, the 'Hope And Champion', opens for the first day of trading in the Extra Motorway Service Area at junction 2 of the M40 motorway on January 21, 2014 in Beaconsfield, England
The JD Wetherspoon pub, the 'Hope And Champion', opens for the first day of trading in the Extra Motorway Service Area at junction 2 of the M40 motorway on January 21, 2014 in Beaconsfield, England

Wetherspoon’s hack: pub chain’s website hit by huge cyber attack, personal information and credit card details lost

The company’s old website was hacked in June, but it only just made the breach public

Andrew Griffin
Friday 04 December 2015 11:28
Comments

Wetherspoon’s has been hacked, potentially putting hundreds of thousands of its customers’ information at risk.

The pub company said that 650,000 people might have had their personal details leaked, and that the card details of 100 people had been compromised.

The company said that those credit card details couldn’t be used on their own to steal money. But the stolen personal information will probably be sold on the black market, and the company recommends that customers stay vigilant.

It said: "These credit or debit card details cannot be used on their own for fraudulent purposes, because the first 12 digits and the security number on the reverse of the card were not stored on the database."

The stolen personal details of the 650,000 people includes the customer's name, date of birth, email address and phone number. It didn't say how users would have given over the information.

The pub chain's CEO John Hutson said the Information Commissioner's Office (ICO) is being told of the breach.

In a letter to customers, he said: "We have taken all necessary measures to make our website secure again following this attack. A forensic investigation into the breach in continuing.

"In this instance, we recommend that you remain vigilant for any emails that you are not expecting, that specifically ask you for personal or financial information, or request you to click on links or download information."

The company said it received information on December 1 that the information may have been hacked, prompting an "urgent investigation by cyber security specialists".

It was then confirmed that its old website, which has since been replaced, had been hacked between June 15 and June 17 this year.

Mr Hutson said: "Unfortunately, hacking is becoming more and more sophisticated and widespread. We are determined to respond to this by increasing our efforts and investment in security and will be doing everything possible to prevent a recurrence."

Additional reporting by Press Association

Register for free to continue reading

Registration is a free and easy way to support our truly independent journalism

By registering, you will also enjoy limited access to Premium articles, exclusive newsletters, commenting, and virtual events with our leading journalists

Already have an account? sign in

By clicking ‘Register’ you confirm that your data has been entered correctly and you have read and agree to our Terms of use, Cookie policy and Privacy notice.

This site is protected by reCAPTCHA and the Google Privacy policy and Terms of service apply.

Join our new commenting forum

Join thought-provoking conversations, follow other Independent readers and see their replies

Comments

Thank you for registering

Please refresh the page or navigate to another page on the site to be automatically logged inPlease refresh your browser to be logged in