JD Wetherspoon admits data breach

By Liam Garrahan contact

- Last updated on GMT

JD Wetherspoon admits data breach

Related tags: E-mail

JD Wetherspoon has become the latest hospitality business to admit that some customer and staff data, including credit and debit cards, names, mobile phone numbers, email addresses, and dates of birth, has been accessed illegally by a third party.

The data breach, which took place between 15 and 17 June this year and saw the data of 656,723 customers accessed, is the latest in a recent line of attacks on the hospitality industry​.

The operator has said that ‘a tiny minority’ of 100 customers had their credit/debit cards accessed; this was limited to the final four digits of the card. As a result, no fraudulent activity can take place. Those who were affected by this purchased Wetherspoon vouchers online before August 2014.

Some personal staff details, registered before 10 November 2011, were stolen, but no salary, bank, tax or national insurance information was breached.

No passwords were obtained by the hackers.

In a statement, Wetherspoon chief executive, John Hutson, said: “We apologise wholeheartedly to customers and staff who have been affected.

“Unfortunately, hacking is becoming more and more sophisticated and widespread. We are determined to respond to this by increasing our efforts and investment in security and will be doing everything possible to prevent a recurrence.”

The information was obtained from the pub operator’s old website, which has been replaced in its entirety. The current website is managed by a new digital partner with no links to the website that was the subject of the security breach.

In an email to customers, the operator offered advice to those affected.

“We recommend that you remain vigilant for any emails that you are not expecting, that specifically ask you for personal or financial information, or request you to click on links or download information.

“We also recommend that if you are contacted by anyone asking you for personal data or passwords, such as for your bank account details, you should take all steps to check the true identity of the organisation.”

The Information Commissioner’s Office, which regulates data protection, has been notified of the breach, and the group is investigating the incident.

Related news

Show more

Related products

show more

Align reopening plans with customer expectations

Align reopening plans with customer expectations

Shield Safety Group | 15-Jul-2020 | Technical / White Paper

Understanding the customer is a key step in reopening your business. Customers want to experience a worry-free, relaxing environment and ultimately feel...

Related suppliers


Follow us

Hospitality Guides

View more

Featured Suppliers

All suppliers

Free Email Newsletter

Subscribe to BigHospitality

The trusted industry reference point

Get the latest news & analysis from the UK hospitality sector straight to your inbox!