Data stolen from thousands of JD Wetherspoon customers

More than 650,000 customers of popular pub chain JD Wetherspoon have had their personal information stolen in yet another cyber attack, one of a string of attacks happening over the last few months. The hack is said to have taken place in mid-June

The hack was discovered by cyber security company CyberInt who made JD Wetherspoon aware December 1st. The hack is said to have taken place in mid-June, though JD Wetherspoon say there had been no evidence any of the information stolen in the attack had been used fraudulently since that date, hence it taking so long to discover.

For the majority, the information stolen was limited to names, dates of birth, email addresses and phone numbers of members of staff or any customers who had used Wetherspoon’s Wi-Fi, contacted them via their website, or given their information in any other way. For a few however, credit or debit card information had also been accessed during the breach. Wetherspoon have said that the unencrypted partial card data of 100 customers who brought vouchers online between January 2009 and August 2014 had been accessed, but no other card data had been, as further card information was not held in their databases. In a statement, JD Wetherspoon stated that the card information stolen was limited enough that it could not be used to make purchases or access funds. They also stressed that while some employee information had been accessed, information about salary, tax or national insurance had not been accessed at all.

JD Wetherspoon CEO John Hutson apologized in the statement, saying: “We apologise wholeheartedly to customers and staff who have been affected.

“Unfortunately, hacking is becoming more and more sophisticated and widespread. We are determined to respond to this by increasing our efforts and investment in security and will be doing everything possible to prevent a recurrence.”