Wetherspoon hack exposes more than 650,000 customers

UK pub chain JD Wetherspoon has revealed that it has been hacked, and that more than 650,000 customers may have had their details compromised.

Following on from the high profile TalkTalk attack back in October, infamous cheap and cheerful pub chain JD Wetherspoon has been subjected to its own cyberattack.

The attackers managed to access a database containing the information of 656,723 customers. Most of these customers had their full names, date of birth, email address, and mobile phone number stored on the system.

Perhaps of more concern is the fact that “a tiny minority of 100 customers” have had “extremely limited” credit or debit card details accessed.

However, JD Wetherspoon claims that only the last four digits of these card numbers were obtained, and the customer name and expiry date details related to each card were not stored on the database.

“As a result, these credit/debit card details cannot, on their own, be used for fraudulent purposes,” reads the JD Wetherspoon statement on the matter.

It seems the data breach happened to an older version of the company’s website, which has since been replaced entirely. As the BBC explains, the data breach occurred almost six months ago, between June 15 and June 17. However, the pub chain only found out about the attack on December 1, informing its customers on December 3.

Related: TalkTalk hack: How to protect yourself

The customers affected either signed up for the Wetherspoon newsletter, registered for free Wi-Fi in a Wetherspoon pub and agreed to received information from the company, submitted a ContactUs form, or bought vouchers online between January 2009 and August 2014.

While there appears to be no immediate fraud threat, Wetherspoon CEO John Hutson has advised customers to “remain vigilant for any emails that you are not expecting that specifically ask you for personal or financial information, or request you to click on links or download information”.