on 04-12-2015 05:33
Making the news this morning....
Pub chain JD Wetherspoon says card data of 100 customers has been stolen from a database after it was hacked.
"Very limited" credit and debit card information was accessed in the hack in June and it could not be used for fraud, CEO John Hutson said.
Other personal details, including names and email addresses may also have been stolen from more than 650,000 people.
An email I received in the early hours.....
|Important notice from the CEO of JD Wetherspoon re data breach.|
3rd December, 2015
We received information on the afternoon of the 1st December that some customer data may have been stolen by a third party (often referred to as ‘hacking’). An urgent investigation by cyber security specialists was instigated. At 5.45pm on the 2nd December the security specialists informed us that the customer database related to our old website was breached (or hacked) between 15th and 17th June 2015. This website has since been replaced in its entirety. Our current website is managed by a new digital partner. The new partner has no connection to the website that was the subject of the breach of security.
In respect of the majority of customers, the database contained the following customer information: the name of the customer, the date of birth, the email address and the phone number.
For a tiny number of customers (100), who purchased Wetherspoon vouchers online before August 2014, very limited credit/debit card information was stolen. Only the last 4 digits of the cards were obtained, since the remaining digits were not stored in the database. Other information, such as the customer name and the expiry date were not compromised. As a result, these credit/debit card details cannot, on their own, be used for fraudulent purposes.
The credit or debit card details cannot be used on their own for fraudulent purposes, because the first 12 digits and the security number on the reverse of the card were not stored on the database.
The database did not hold any passwords.
We cannot confirm whether any of your personal data was included in this breach. However, I wanted to make you aware immediately and apologise on behalf of the company.
We have taken all necessary measures to make our website secure again following this attack. A forensic investigation into the breach is continuing.
The Information Commissioner’s Office (ICO), which regulates data protection, will be notified of the breach today.
The ICO recommends that we give you advice on what steps you can take following a data breach.
In this instance, we recommend that you remain vigilant for any emails that you are not expecting, that specifically ask you for personal or financial information, or request you to click on links or download information.
We also recommend that if you are contacted by anyone asking you for personal data or passwords, such as for your bank account details, you should take all steps to check the true identity of the organisation.
If you have further questions, please visit the FAQ (frequently asked questions) section of our website. You can access this by visitingwww.jdwetherspoon.com. The information will be displayed on the FAQ section of the ‘Contact Us’ page. It is also attached to this email.
The breach took place some time ago. There has been no information from customers, or from our cyber security specialists, that leads us to believe that fraudulent activity, using the stolen information, has taken place, although we cannot be certain.
Once again, please accept our sincere apologies and be assured that we are doing our utmost to prevent this from happening again.
on 04-12-2015 05:35
on 04-12-2015 09:27
After reading that letter it appears that their 'cyber security specialists' are neither special nor secure.
& as posted above ^ ^ ^ its taken sooooo long since Summer this year to 'come clean' & 'appear transparent'
btb the local Wetherspoon's in Skipton has Wi-Fi which is crap
on 04-12-2015 13:03
They only have my email address simply because working at the bank I used to process their takings from each outlet. To be honest, I'm surprised they are still a viable business. Hope I'm not giving away any state secrets here....official secrets act and all that. Any extradition here in Thailand