Wetherspoon suffers major hack, some limited credit card details spilled

Yet another high-profile company has fallen victim to hackers

It's another day, and unfortunately another data breach has reared its ugly head, this time affecting the Wetherspoon chain of pubs.

Hackers have breached Wetherspoon's old website (which has no connection to its new site) and made off with the personal details of some 657,000 customers.

According to a report by the Guardian, those details included the usual suspects – names, dates of birth and email addresses, and also mobile phone numbers.

There were also financial details involved, but these were apparently limited to a very small number of unlucky folks who purchased vouchers from the pub prior to August 2014.

There were only 100 customers affected in the latter case, who had credit card (or debit card) details pilfered, although these weren't the full details – in fact the hackers only got the last four digits of the card number, meaning these are unusable.

Still, this is a pretty major breach, and any fiscal information being leaked is obviously a worry – not to mention mobile phone numbers, and email addresses which can be sold on to potential scammers.

Staff member details were also taken, but not any bank, tax or national insurance information fortunately.

Time of discovery

John Hutson, CEO of Wetherspoon, commented: "Unfortunately, hacking is becoming more and more sophisticated and widespread. We are determined to respond to this by increasing our efforts and investment in security and will be doing everything possible to prevent a recurrence."

Another worrying aspect is, once again, the length of time it took for the breach to be uncovered. It happened back in June but was only brought to light on December 1, as the attack happened on a third-party firm that previously hosted the old Wetherspoon website.

Affected customers have been informed via email, and obviously the ICO has also been told, and will doubtless be investigating the breach.

How much this will cost Wetherspoon in the end obviously remains to be seen, although TalkTalk recently estimated that the losses from its recent major breach will run to some £35 million – and possibly even more due to potential legal action.

Darren is a freelancer writing news and features for TechRadar (and occasionally T3) across a broad range of computing topics including CPUs, GPUs, various other hardware, VPNs, antivirus and more. He has written about tech for the best part of three decades, and writes books in his spare time (his debut novel - 'I Know What You Did Last Supper' - was published by Hachette UK in 2013).