JD Wetherspoon is the latest high-profile company to become victim of a cyber attack.
A hacker gained access to a database containing the details of over 650,000 JD Wetherspoon customers.
The database mainly contained names, dates of birth, email addresses and phone numbers.
The pub chain said in a statement that the hack occurred in June. It apologised to the customers affected and said that the data breach was related to an old website which it no longer uses.
The company’s chief executive, John Hutson, received an anonymous email alerting him of the attack in November. However, the email wasn’t read – it was picked up by the company’s spam filter.
The chain wasn’t aware of the attack until The Financial Times contacted them on Monday.
Thankfully only a ‘tiny number of customers’ had information on their credit or debit cards stolen. It’s believed that the hacker only gained access to some pieces of financial information of around 100 customers.
In a statement, the firm said, “These credit or debit card details cannot be used on their own for fraudulent purposes, because the first 12 digits and the security number on the reverse of the card were not stored on the database.”
The pub chain said that the details were taken from customers who used WiFi at the chain’s pubs.
Hutson said: “We apologise wholeheartedly to customers and staff who have been affected. Unfortunately, hacking is becoming more and more sophisticated and widespread. We are determined to respond to this by increasing our efforts and investment in security and will be doing everything possible to prevent a recurrence.”
Security experts believe that many of these cyber attacks come down to poor website security standards, which are often “not good enough” to prevent computer savvy cyber criminals from finding ways to access sensitive customer information.