JD Wetherspoon customers’ details stolen

Computer hackers have stolen the personal information of hundreds of thousands of JD Wetherspoon customers, the British pub operator revealed last Friday (4 December).

The details of 656,723 customers such as email addresses, birth dates and telephone numbers were stolen from the company’s old website.

JD Wetherspoon only became aware of the hack last week after being contacted by a national newspaper, despite the attack taking place in June.

Tim Martin, the Wetherspoon chairman, revealed to the press that he was sent an email last month informing him of the attack, but that he didn’t see it at the time. He said the message could have been blocked by a spam filter.

In a statement, the company assured that sensitive financial information had not been stolen, and that only “extremely limited” credit and debit details of around 100 customers had been taken.

These customers purchased Wetherspoon vouchers online before August 2014. Only the last four digits of their card number were accessed from the company database.

Some personal details of registered before November 2011 were stolen, but no salary, bank, tax or national insurance information was accessed, it said.

Wetherspoon chief executive John Hutson apologised “wholeheartedly” for the security breach. 

“Unfortunately, hacking is becoming more and more sophisticated and widespread,” he continued. “We are determined to respond to this by increasing our efforts and investment in security and will be doing everything possible to prevent a recurrence.”

The Information Commissioner’s Office, which regulates data protection, has been notified, and JD Wetherspoon has hired an unnamed cyber security specialist to investigate.