Pub chain JD Wetherspoon has been hit by a security breach affecting 656,723 customers -- four times as many as in the recent TalkTalk hack.
Email addresses, phone numbers and dates of birth were stolen by hackers during the breach and have, according to the Financial Times, been put up for sale on the dark web. JD Wetherspoon has added that a "tiny number of customers" have had credit or debt card information stolen, but were quick to reassure customers that these card details could not be used to make fraudulent purchases. "For a tiny minority of 100 customers who purchased Wetherspoon vouchers online before August 2014, extremely limited credit and debit card details were accessed," it said in a statement. "Only the last four digits of the card numbers were obtained, since the remaining digits were not stored in the database. Other information, such as customer name or expiry date, was not compromised. As a result, these card details cannot be used for fraudulent purposes."
Others affected by the hack would be those who registered with The Cloud to use Wi-Fi in a Weatherspoons pub, who opted to receive their newsletter or wrote in with a comment or question on the website's 'contact-us' form. The Information Commissioner's Office has been informed, the company said.
The breach was discovered by intelligence group CyberInt, who linked the Wetherspoon's hack to a Russian group known to them on the Dark Web. According to the company, the hack took place on 15 and 17 June 2015. Wetherspoon only became aware on 1 December, it said. "We apologise wholeheartedly to customers and staff who have been affected," said Wetherspoon chief executive John Hutson. He asked customers to stay "vigilant" for emails that may attempt to follow-up on the hack with fraudulent requests for payment, malware or phishing scams. "Unfortunately, hacking is becoming more and more sophisticated and widespread. We are determined to respond to this by increasing our efforts and investment in security and will be doing everything possible to prevent a recurrence."
This article was originally published by WIRED UK
