Pub sequence JD Wetherspoon says label information of 100 business has been stolen from a database after it was hacked.
“Very limited” credit and withdraw label information was accessed in a penetrate in Jun and it could not be used for fraud, a association said.
Other personal details, including names and email addresses might also have been stolen from some-more than 650,000 people.
The Information Commissioner’s Office is being told of a breach, that usually came to light in new days.
The database had sum – including names, dates of birth, email addresses and phone numbers – of 656,723 customers.
The 100 influenced whose label information was stolen had bought Wetherspoon vouchers online between Jan 2009 and Aug 2014, a association said.
Only a final 4 digits of remuneration cards were performed in a penetrate as a remaining digits were not stored in Wetherspoon’s database, arch executive John Hutson said.
The label information was not encrypted given other sum were not stored on a database, a association said.
In a minute to customers, Mr Hutson apologised and suggested business to “remain observant for any emails that we are not awaiting that privately ask we for personal or financial information, or ask we to click on links or download information”.
The penetrate happened between 15 and 17 Jun on a pub chain’s aged website, that has given been replaced.
Mr Hutson pronounced there was no justification that fake activity had taken place regulating a hacked information and a database did not reason passwords.
He added: “We have taken all required measures to make a website secure again following this attack. A debate review into a crack is continuing.”
The information accessed was hold by a third celebration association though had remained undetected. Wetherspoon became wakeful of a probable crack on 1 Dec and it was reliable a following day.
Information would have been put on a database possibly when business sealed adult to accept Wetherspoon’s newsletter, purebred with The Cloud to use wi-fi in their pubs, submitted a ‘contact us’ form on a website, or bought vouchers online before Aug 2014.