December 4th 2015
Over 650,000 customers of hospitality chain JD Wetherspoon have been warned to keep on their guard for fraudulent approaches. This follows a hack into a database on its now-defunct website which happened in June this year, but has only just come to light.
The customers affected could receive fraudulent emails or phone calls designed to obtain confidential personal and financial information, and should not click on links or open attachments in unexpected emails, nor respond to unexpected phone calls of this nature. This, of course, is the advice we give to everyone, whether a Wetherspoon customer or not.
In a letter to the customers, the company’s Chief Executive John Hutson said that the names, dates of birth, email addresses, physical addresses and phone numbers had been stolen. The 656,723 customers affected are those who signed up to receive Wetherspoon's newsletter, registered with The Cloud to Wi-Fi in pubs or submitted the 'contact' form on the website before August 2014. Also stolen have been the credit card details of 100 people who bought Wetherspoon vouchers online between January 2009 and August 2014.
Mr Hutson said that the last four digits of payment cards were stolen, as the remaining digits were not stored on the database, which was held by a third party company. The card data was not encrypted because other details such as password were not stored on the same database. He added that no evidence of fraudulent activity as a result of the breach had come to light.
Wetherspoon became aware of the hack breach on Tuesday this week, and it was confirmed the following day. A forensic investigation is taking place and the Information Commissioner has been notified.