Hackers target UK pub chain

JD Wetherspoon, the UK pubs and bars operator said that it suffered a cyberattack in June this year, but it only became aware of the data breach earlier this week.

Although the credit and debit card information of no more than 100 customers was stolen, other personal details, including the names and email addresses of 656,723 JD Wetherspoon customers, may also have been accessed.

“Unfortunately, the breach occurred without our knowledge and remained undetected until now,”  the group stated, adding that the Information Commissioner’s Office is being notified of the breach, believed to have occurred between 15 and 17 June on the group’s old website, which has more recently been replaced.

Wetherspoon’s chief executive (CEO), John Hutson has written customers to apologise and urge them to “remain vigilant for any emails that you are not expecting that specifically ask you for personal or financial information, or request you to click on links or download information”.

He said that only the last four digits of payment cards were obtained by the hackers and neither the remaining digits nor passwords were stored in Wetherspoon’s database. “We have taken all necessary measures to make our website secure again following this attack. A forensic investigation into the breach is continuing,” Hutson added.


Related reading