Oh no, you're thinking, yet another cookie pop-up. Well, sorry, it's the law. We measure how many people read us, and ensure you see relevant ads, by storing cookies on your device. If you're cool with that, hit “Accept all Cookies”. For more info and to customize your settings, hit “Customize Settings”.

Review and manage your consent

Here's an overview of our use of cookies, similar technologies and how to manage them. You can also change your choices at any time, by hitting the “Your Consent Options” link on the site's footer.

Manage Cookie Preferences
  • These cookies are strictly necessary so that you can navigate the site as normal and use all features. Without these cookies we cannot provide you with the service that you expect.

  • These cookies are used to make advertising messages more relevant to you. They perform functions like preventing the same ad from continuously reappearing, ensuring that ads are properly displayed for advertisers, and in some cases selecting advertisements that are based on your interests.

  • These cookies collect information in aggregate form to help us understand how our websites are being used. They allow us to count visits and traffic sources so that we can measure and improve the performance of our sites. If people say no to these cookies, we do not know how many people have visited and we cannot monitor performance.

See also our Cookie policy and Privacy policy.

This article is more than 1 year old

JD Wetherspoon: A 'hacker' nicks 650,000 pub-goers' data

ICO looking into the breach

Pub chain JD Wetherspoon has confessed to a data breach in which a third party managed to snag the personal data of 650,000 customers, together with some financial data, through a hack on its old website.

Some of the pub chain's staffers' personal info was also accessed.

A database containing personally identifiable information was accessed, potentially compromising the names, email addresses, dates of birth, and phone numbers of 656,723 customers.

An email to customers stated "very limited credit/debit card information" was stolen from "a tiny number of customers (100), who purchased Wetherspoon vouchers online before August 2014", however 'Spoons was unable to confirm to customers whether they had specifically been affected.

The data was not encrypted, said the firm, "because the first 12 digits and the security number on the reverse of the card were not stored on the database."

The Information Commissioner's Office has been informed of the breach, stated the company, which further explained how it collects customer information:

Despite being discovered on 1 December, 'Spoons noted "the breach took place some time ago" - between 15 and 17 June this year.

"There has been no information from customers, or from our cyber security specialists, that leads us to believe that fraudulent activity has taken place," the company said, adding, "although we cannot be certain."

In a letter to investors, JD Wetherspoon claimed the information had been obtained from its old website, which has now been replaced in its entirety.

Luke Scanlon, a technology lawyer at Pinsent Masons, said: "Every business which collects personal data from its customers has a responsibility to ensure that cyber protection measures are in place that provide a level of security which takes into account "best practice" and the "state of the art" security technologies available to them, proportionate to the costs of implementing those technologies and the risks inherent in the nature of data being processed."

"Currently in the UK, businesses (with the exception of some telcos) are under no obligation to report a breach but this is due to change under the incoming General Data Protection Regulation, meaning that companies could face significant fines in addition to reputational damage and other legal consequences if they choose to not to report a breach," said Scanlon. "Each time a breach of this nature occurs, it is a wake-up call for businesses – the threat is a very real and constant one which could have damaging consequences for a business if the appropriate security isn’t in place."

JD Wetherspoon CEO John Hutson said: "We apologise wholeheartedly to customers and staff who have been affected. Unfortunately, hacking is becoming more and more sophisticated and widespread. We are determined to respond to this by increasing our efforts and investment in security and will be doing everything possible to prevent a recurrence."

Rest assured, The Register has enquired as to how this theft was possible through an attack on the website. The company has told us that no further information will be provided before their investigation is complete.

If you can shed any light on the situation, drop us an email. ®

 

Similar topics

Similar topics

Similar topics

TIP US OFF

Send us news


Other stories you might like