The personal details of more than 650,000 people may have been stolen after one of Britain’s biggest pub companies had its website hacked.
JD Wetherspoon said the card details of 100 people had also been compromised in the breach, which happened in June but was disclosed yesterday in a statement to the London Stock Exchange.
However, the group confirmed later that only the last four digits of the cards were taken, and said the security numbers from the reverse of the cards had not been stolen.
It said: “These credit or debit card details cannot be used on their own for fraudulent purposes, because the first 12 digits and the security number on the reverse of the card were not stored on the database.”
The stolen personal details of the 650,000 people include the customer’s name, date of birth, email address and phone number.
The pub chain’s chief executive John Hutson said the Information Commissioner’s Office is being told of the breach.
In a letter to customers, he said: “We have taken all necessary measures to make our website secure again following this attack. A forensic investigation into the breach is continuing.
“In this instance, we recommend that you remain vigilant for any emails that you are not expecting, that specifically ask you for personal or financial information, or request you to click on links or download information.”
The company, which operates around 900 pubs, several of which are north of the Border, said it received information on 1 December that the information may have been hacked, prompting an “urgent investigation by cyber security specialists”.
It was then confirmed that its old website, which has since been replaced, had been hacked between 15 and 17 June this year.
Hutson said: “Unfortunately, hacking is becoming more and more sophisticated and widespread. We are determined to respond to this by increasing our efforts and investment in security and will be doing everything possible to prevent a recurrence.”
Richard Cassidy, a technical director at Alert Logic, said: “The breach highlights the challenge all organisations face in today’s cyber threat landscape and reiterates the fact that a fundamental change in our approach to data security is required across the board.”