One of the UK's biggest pub chains, JD Wetherspoon, has announced that its old website containing details on 656,723 of its customers was hacked in June. The bulk of the details pertained to personal information such as names, phone numbers, dates of birth, and email addresses. The company sent an email to its customers on 3 December which said it "cannot confirm" those who have been affected.
A customer's information could have been breached if he or she had:
- signed up via the company website to receive the JD Wetherspoon newsletter or
- registered at 'The Cloud' to use wifi at their outlets and opted to receive company information or
- purchased Wetherspoon vouchers online between January 2009 and August 2014 or
- submitted a 'Contact Us' form
John Hutson, CEO at JD Wetherspoon, asked customers to "remain vigilant for any emails that you are not expecting, that specifically ask you for personal or financial information, or request you to click on links or download information".
Credit and debit card breach
The hacked database held credit and debit card information for 100 customers who had purchased the company's vouchers online. However, the Watford, UK-headquartered company said the data breach was "extremely limited" as only the last four digits of the card were visible. There has been no evidence of these being misused to date.
The company became aware of the breach only on 1 December. It has since notified the Information Commissioner's Office, which is responsible for the enforcement of the Data Protection Act 1998, and also for Freedom of Information.
It has hired "a leading cyber security specialist to conduct a full forensic investigation into the breach". Apart from this, the company stated that it had hired a new partner to manage its new website.
CEO John Hutson's statement
"We apologise wholeheartedly to customers and staff who have been affected. Unfortunately, hacking is becoming more and more sophisticated and widespread. We are determined to respond to this by increasing our efforts and investment in security and will be doing everything possible to prevent a recurrence."