JD Wetherspoon has said 100 of its customers’ credit card data was stolen in a cyber attack in June.
The pub chain said the names, addresses and email addresses of 650,000 customers may have been stolen, but it stressed that the credit card information stolen was “very limited” and could not be used to defraud.
Despite taking place in June, the hack is only coming to light now. And the Information Commissioner’s Office has now been notified. The hack took place between 15 and 17 June before JD Wetherspoon had replaced its website. But the company only became aware of a possible attack on 1 December, before it was confirmed a day later.
The data stolen had the details of 656,723 customers on it. The chain said the 100 customers who have had credit card information stolen had bought Wetherspoon vouchers between January 2009 and August 2014. It said that only the last four digits of card numbers were stored on the database.
In a letter to customers, Wetherspoon chief executive John Hutson urged its customers to “remain vigilant for any emails that you are not expecting that specifically ask you for personal or financial information, or request you to click on links or download information”.
He added: “We have taken all necessary measures to make our website secure again following this attack. A forensic investigation into the breach is continuing.”