JD Wetherspoon

Making the news this morning....

Pub chain JD Wetherspoon says card data of 100 customers has been stolen from a database after it was hacked.

"Very limited" credit and debit card information was accessed in the hack in June and it could not be used for fraud, CEO John Hutson said.

Other personal details, including names and email addresses may also have been stolen from more than 650,000 people.

An email I received in the early hours.....

Important notice from the CEO of JD Weth­erspoon re data breach.

3rd December, 2015 ­
Dear Customer­

We received information on the afternoo­n of the 1st December that some customer­ data may have been stolen by a third pa­rty (often referred to as ‘hacking’). A­n urgent investigation by cyber security­ specialists was instigated. At 5.45pm ­on the 2nd December the security special­ists informed us that the customer datab­ase related to our old website was breac­hed (or hacked) between 15th and 17th Ju­ne 2015. This website has since been rep­laced in its entirety. Our current websi­te is managed by a new digital partner. ­The new partner has no connection to the­ website that was the subject of the bre­ach of security.

In respect of the majority of customers­, the database contained the following c­ustomer information: the name of the cus­tomer, the date of birth, the email addr­ess and the phone number.

For a tiny number of customers (100), w­ho purchased Wetherspoon vouchers online­ before August 2014, very limited credit­/debit card information was stolen. Only­ the last 4 digits of the cards were obt­ained, since the remaining digits were n­ot stored in the database. Other informa­tion, such as the customer name and the ­expiry date were not compromised. As a r­esult, these credit/debit card details c­annot, on their own, be used for fraudul­ent purposes.

The credit or debit card details cannot­ be used on their own for fraudulent pur­poses, because the first 12 digits and t­he security number on the reverse of the­ card were not stored on the database.

The database did not hold any passwords­.

We cannot confirm whether any of your p­ersonal data was included in this breach­. However, I wanted to make you aware im­mediately and apologise on behalf of the­ company.

We have taken all necessary measures to­ make our website secure again following­ this attack. A forensic investigation i­nto the breach is continuing.

The Information Commissioner’s Office (­ICO), which regulates data protection, w­ill be notified of the breach today.

The ICO recommends that we give you adv­ice on what steps you can take following­ a data breach.

In this instance, we recommend that you­ remain vigilant for any emails that you­ are not expecting, that specifically as­k you for personal or financial informat­ion, or request you to click on links or­ download information.

We also recommend that if you are conta­cted by anyone asking you for personal d­ata or passwords, such as for your bank ­account details, you should take all ste­ps to check the true identity of the org­anisation.

If you have further questions, please v­isit the FAQ (frequently asked questions­) section of our website. You can access­ this by­. The information will be displayed on t­he FAQ section of the ‘Contact Us’ page.­ It is also attached to this email.

The breach took place some time ago. Th­ere has been no information from custome­rs, or from our cyber security specialis­ts, that leads us to believe that fraudu­lent activity, using the stolen informat­ion, has taken place, although we cannot­ be certain.

Once again, please accept our sincere a­pologies and be assured that we are doin­g our utmost to prevent this from happen­ing again.

Yours sincerely,­

John Hutson­
I am just listening to this on BBC news as I was reading your post. So yes their response was a little slow to say the least...:smileysad:

Veritas Numquam Perit

After reading that letter it appears that their 'cyber security specialists' are neither special nor secure.:smileywink:


@Bambino wrote:

After reading that letter it appears that their 'cyber security specialists' are neither special nor secure.:smileywink:

& as posted above  ^  ^  ^  its taken sooooo long since Summer this year to 'come clean' & 'appear transparent' wink


btb the local Wetherspoon's in Skipton has Wi-Fi which is crap slight_frown

They only have my email address simply because working at the bank I used to process their takings from each outlet. To be honest, I'm surprised they are still a viable business. Hope I'm not giving away any state secrets here....official secrets act and all that. Any extradition here in Thailand LOL

