Wetherspoon’s hack: pub chain’s website hit by huge cyber attack, personal information and credit card details lost
The company’s old website was hacked in June, but it only just made the breach public
Your support helps us to tell the story
From reproductive rights to climate change to Big Tech, The Independent is on the ground when the story is developing. Whether it's investigating the financials of Elon Musk's pro-Trump PAC or producing our latest documentary, 'The A Word', which shines a light on the American women fighting for reproductive rights, we know how important it is to parse out the facts from the messaging.
At such a critical moment in US history, we need reporters on the ground. Your donation allows us to keep sending journalists to speak to both sides of the story.
The Independent is trusted by Americans across the entire political spectrum. And unlike many other quality news outlets, we choose not to lock Americans out of our reporting and analysis with paywalls. We believe quality journalism should be available to everyone, paid for by those who can afford it.
Your support makes all the difference.Wetherspoon’s has been hacked, potentially putting hundreds of thousands of its customers’ information at risk.
The pub company said that 650,000 people might have had their personal details leaked, and that the card details of 100 people had been compromised.
The company said that those credit card details couldn’t be used on their own to steal money. But the stolen personal information will probably be sold on the black market, and the company recommends that customers stay vigilant.
It said: "These credit or debit card details cannot be used on their own for fraudulent purposes, because the first 12 digits and the security number on the reverse of the card were not stored on the database."
The stolen personal details of the 650,000 people includes the customer's name, date of birth, email address and phone number. It didn't say how users would have given over the information.
The pub chain's CEO John Hutson said the Information Commissioner's Office (ICO) is being told of the breach.
In a letter to customers, he said: "We have taken all necessary measures to make our website secure again following this attack. A forensic investigation into the breach in continuing.
"In this instance, we recommend that you remain vigilant for any emails that you are not expecting, that specifically ask you for personal or financial information, or request you to click on links or download information."
The company said it received information on December 1 that the information may have been hacked, prompting an "urgent investigation by cyber security specialists".
It was then confirmed that its old website, which has since been replaced, had been hacked between June 15 and June 17 this year.
Mr Hutson said: "Unfortunately, hacking is becoming more and more sophisticated and widespread. We are determined to respond to this by increasing our efforts and investment in security and will be doing everything possible to prevent a recurrence."
Additional reporting by Press Association
Join our commenting forum
Join thought-provoking conversations, follow other Independent readers and see their replies
Comments