Wetherspoon pub chain reveals massive data leak

Details of hundreds of thousands of customers stolen by hackers


JD Wetherspoon, one of the biggest pubcos in the UK, has suffered a huge data theft incident, with hackers making off with the details of over 600,000 customers, including the details of around 100 credit and debit cards.

The company revealed today that its old website was hacked in June and that an associated database, containing the details of 656,723 customers and an unknown number of employees, was stolen.


The customer details were, in the majority of cases, limited to names, phone numbers, dates of birth, and email addresses, but 100 of those affected had "extremely limited credit/debit card details ... accessed".

"Only the last four digits of the card numbers were obtained since the remaining digits were not stored in the database. Other information, such as the customer name and the expiry date was not compromised," the company said in a statement.

"As a result, these credit/debit card details cannot, on their own, be used for fraudulent purposes."

However, Simon Keates, a consultant in mobile security at Thales e-Security, said the theft of the other personal details "is of no less significant concern".

"In fact, theft of card details is relatively easy to 'deal with' - they can be blocked and replaced," he said. "It's the other - seemingly innocuous - information that can pose a bigger problem.


"Details such as your mother's maiden name, your date of birth, and where you live can be pieced together relatively easily by would-be criminals and used as bait for targeting phishing attacks and identity theft to access more sensitive information."

Mark James of IT security firm ESET added: "John Hutson, the CEO of JD Wetherspoon, has stated that the breach affected the chain's 'old website', which has since been replaced in its entirety.

"There is a high possibility that little or poor security was involved in the original creation of the [old] site and that in itself led to the site being rewritten. If this was the case, it would be easy to gain access to that data and retrieve all the information and leave without anyone ever noticing."

James and several other security experts have also raised concerns over the fact it took six months for the company to become aware of the breach.


In a statement, the Information Commissioner's Office (ICO) told IT Pro: "We are aware of an incident at JD Wetherspoon and are making enquiries."

JD Wetherspoon hack: what to do if you have been a victim

JD Wetherspoon told customers in an email that it "cannot confirm" yet exactly who has been affected. However, you may be at risk if you have done any of the following:

  • Used the 'Contact Us' form
  • Signed up to receive the JD Wetherspoon newsletter
  • Registered to use 'The Cloud' WiFi in its pubs and opted into receiving company information (e.g. marketing materials)
  • Bought Wetherspoon vouchers online anytime between January 2009 and August 2014
  • Began working at JD Wetherspoon before 10 November 2011

Users should be on the lookout for phishing emails, unsolicited phone calls, as well as any unusual bank activity or other indicators of fraud. They should also consider changing their passwords, particularly if they are in the habit of re-using the same ones repeatedly.
