JD Wetherspoon, a popular cheap pub chain in the UK, has had an old version of its website hacked, putting over 600,000 of its customers at risk. The attack happened between June 15th and 17th, but the company was only notified on 1st December, at which point it contacted security specialists. Wetherspoon’s customers were notified via email on 3rd December about the security risk.
The attackers specifically gained access to a database containing information on 656,723 customers. The “majority” of these had their first name, surname, date of birth, email address and mobile phone number stored on the system. The company says 100 customers who bought vouchers online before August 2014 also had “very limited” credit and debit card details stolen. Attackers could have obtained the last four digits of these cards; the rest weren’t stored on the database. The company believes these can’t be used for fraudulent purposes. It is also emphasising that some customers had less information stored on the system. For example, some only submitted their first name, surname and email address.
Who is affected?
Wetherspoon says its customers provide information “in several ways,” but the most common are:
- Signing up for the company newsletter, normally through its website
- Registering for free WiFi (The Cloud) in one of its pubs and agreeing to receive company information
- Submitting a Contact Us form online
- Buying the aforementioned vouchers online between January 2009 and August 2014.
Wetherspoon is keen to emphasise that the attack took place on an older website. It was run by another company, the identity of which is still unknown, and since then the pub chain has switched to a new website managed by a different partnering company.
Six months is a long time, but Wetherspoon says it has seen no evidence of fraudulent activity, or any reports that the stolen information has been used by the attackers. The company admits, however, that it “cannot be certain” at this time.
John Hutson, the CEO of JD Wetherspoon, provided a statement:
“Hacking is becoming more and more sophisticated and widespread. We are determined to respond to this by increasing our efforts and investment in security and will be doing everything possible to prevent a recurrence.”
Wetherspoon joins TalkTalk, Vodafone and VTech in a number of hacks affecting companies both in the UK and abroad. TalkTalk has gained the most exposure in Britain, prompting an inquiry by the UK’s Culture, Media and Sport Committee. It will look not only at TalkTalk, but the security practices being used generally by the telecoms and internet service provider (ISP) industry.
Source: London Stock Exchange