In a statement to the London Stock Exchange (LSE), JD Wetherspoon announced it was “taking action” after access of customer and staff information by a “third party”.
The statement continued: “For a tiny minority of 100 customers, who purchased Wetherspoon vouchers online before August 2014, extremely limited credit/debit card details were accessed. Only the last four digits of the card numbers were obtained, since the remaining digits were not stored in the database.
“Other information, such as the customer name and the expiry date was not compromised. As a result, these credit/debit card details cannot, on their own, be used for fraudulent purposes. Some personal staff details, registered before 10 November 2011, were stolen, but no salary, bank, tax or national insurance information was accessed.”
Louise Bulman, VP EMEA at Vormetric, commented that JD Wetherspoon has been exposed as business with inadequate security intelligence – evidenced by how long it took to discover the breach.
“How many more times does this have to happen before businesses take heed? While the company insists that the credit card data is of no use, as full numbers were not stored on the database, other stolen personal information can create the perfect recipe for future ID theft or phishing attacks on customers,” she added.
Read more about data breaches:
- Ashley Madison hack could be hugely lucrative, but that’s not the only thing to fear
- Data breach: How to react in the crucial first 24 hours
- Data security breaches – is silence a virtue?
Ross Brewer, vice president and managing director for international markets at LogRhythm, added to the debate by saying: “It’s not JD Wetherspoon’s fault that they were targeted – afterall, no one is safe from today’s hackers – but it is their fault that hackers were allowed so many months to steal this information.
“It cannot be said any more clearly; businesses need security intelligence that provides insight into network activity and enables them to detect a breach as soon as it happens, so they can mitigate it. In today’s day and age, JD Wetherspoon’s inability to detect a breach and protect its customer’s data is inexcusable, and it really won’t be long until the public agree and take refuge with a pint elsewhere.”
JD Wetherspoon chief executive John Hutson moved to reassure the public by “wholeheartedly” apologising to customers and staff who have been effected.
He added: “Unfortunately, hacking is becoming more and more sophisticated and widespread. We are determined to respond to this by increasing our efforts and investment in security and will be doing everything possible to prevent a recurrence.”
The pub chain has nearly 1,000 sites throughout the UK and Republic or Ireland, and plans unveiled at the end of 2014 detailed an additional 15,000 new jobs and 200 pubs over the next five years.
For the 13 weeks to 25 October 2015 like-for-like sales increased by 2.4 per cent and total sales increased by 6.1 per cent. Sales, its most recent financial release stated, have been slightly higher in the last six weeks, coinciding with the Rugby World Cup.
In the year to July 27, the company’s revenues climbed to £1.41bn from £1.28bn and pre-tax profits excluding one-off costs such as write-downs rose 3.1 per cent to £79.3m.
Share this story