Hackers breached the website of a major pub chain JD Wetherspoon,
operating in the UK and Ireland, in mid-June 2015.
The company sent an email to all its customers last week
info
rming them about the breach, the company also got to know about the breach
on December 1.
According to the
company “ the attackers gained access to a customer database linked to the
firm’s old website, which had been hosted by a third party. At some point after
the breach, the website was replaced and taken over by a new service provider
that is not connected to the incident.”
The database compromised includes the personal details of 656,723 people who signed
up for newsletters, registered Wi-Fi users, and those who bought online vouchers between January 2009 and
August 2014, or used the contact form on the company’s website.
For customers who bought online vouchers, the last four digits of their
payment card numbers had also been accessed. Whereas the company says that
website never stored the sensitive information.
JD Wetherspoon says “there is no evidence of fraudulent
activity involving the exposed data, but customers have been advised to beware
of emails asking for personal and financial information, or ones that instruct
recipients to click on links or install software.”
The investigation is ongoing on , and the Information
Commissioner’s Office (ICO) in the UK has been notified.