In a statement to the London Stock Exchange (LSE), JD Wetherspoon announced it was “taking action” after access of customer and staff information by a “third party”.
The statement continued: “For a tiny minority of 100 customers, who purchased Wetherspoon vouchers online before August 2014, extremely limited credit/debit card details were accessed. Only the last four digits of the card numbers were obtained, since the remaining digits were not stored in the database.
“Other information, such as the customer name and the expiry date was not compromised. As a result, these credit/debit card details cannot, on their own, be used for fraudulent purposes. Some personal staff details, registered before 10 November 2011, were stolen, but no salary, bank, tax or national insurance information was accessed.”
Louise Bulman, VP EMEA at Vormetric, commented that JD Wetherspoon has been exposed as business with inadequate security intelligence – evidenced by how long it took to discover the breach.
“How many more times does this have to happen before businesses take heed? While the company insists that the credit card data is of no use, as full numbers were not stored on the database, other stolen personal information can create the perfect recipe for future ID theft or phishing attacks on customers,” she added.
Read more about data breaches:
Ross Brewer, vice president and managing director for international markets at LogRhythm, added to the debate by saying: “It’s not JD Wetherspoon’s fault that they were targeted – afterall, no one is safe from today’s hackers – but it is their fault that hackers were allowed so many months to steal this information.
“It cannot be said any more clearly; businesses need security intelligence that provides insight into network activity and enables them to detect a breach as soon as it happens, so they can mitigate it. In today’s day and age, JD Wetherspoon’s inability to detect a breach and protect its customer’s data is inexcusable, and it really won’t be long until the public agree and take refuge with a pint elsewhere.”
JD Wetherspoon chief executive John Hutson moved to reassure the public by “wholeheartedly” apologising to customers and staff who have been effected.
He added: “Unfortunately, hacking is becoming more and more sophisticated and widespread. We are determined to respond to this by increasing our efforts and investment in security and will be doing everything possible to prevent a recurrence.”
The pub chain has nearly 1,000 sites throughout the UK and Republic or Ireland, and plans unveiled at the end of 2014 detailed an additional 15,000 new jobs and 200 pubs over the next five years.
For the 13 weeks to 25 October 2015 like-for-like sales increased by 2.4 per cent and total sales increased by 6.1 per cent. Sales, its most recent financial release stated, have been slightly higher in the last six weeks, coinciding with the Rugby World Cup.
In the year to July 27, the company’s revenues climbed to £1.41bn from £1.28bn and pre-tax profits excluding one-off costs such as write-downs rose 3.1 per cent to £79.3m.
We use cookies on our website to give you the most relevant experience by remembering your preferences and repeat visits. By clicking “Accept”, you consent to the use of ALL the cookies.
This website uses cookies to improve your experience while you navigate through the website. Out of these cookies, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities of the website. We also use third-party cookies that help us analyze and understand how you use this website. These cookies will be stored in your browser only with your consent. You also have the option to opt-out of these cookies. But opting out of some of these cookies may have an effect on your browsing experience.
Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.
