Heads up fellow piss artist
got email today
Important notice from the CEO of JD Wetherspoon re data breach
3rd December, 2015
Dear Customer
We received information on the afternoon of the 1st December that some customer data may have been stolen by a third party (often referred to as ‘hacking’). An urgent investigation by cyber security specialists was instigated. At 5.45pm on the 2nd December the security specialists informed us that the customer database related to our old website was breached (or hacked) between 15th and 17th June 2015. This website has since been replaced in its entirety. Our current website is managed by a new digital partner. The new partner has no connection to the website that was the subject of the breach of security.
In respect of the majority of customers, the database contained the following customer information: the name of the customer, the date of birth, the email address and the phone number.
For a tiny number of customers (100), who purchased Wetherspoon vouchers online before August 2014, very limited credit/debit card information was stolen. Only the last 4 digits of the cards were obtained, since the remaining digits were not stored in the database. Other information, such as the customer name and the expiry date were not compromised. As a result, these credit/debit card details cannot, on their own, be used for fraudulent purposes.
The credit or debit card details cannot be used on their own for fraudulent purposes, because the first 12 digits and the security number on the reverse of the card were not stored on the database.
The database did not hold any passwords.
We cannot confirm whether any of your personal data was included in this breach. However, I wanted to make you aware immediately and apologise on behalf of the company.
We have taken all necessary measures to make our website secure again following this attack. A forensic investigation into the breach is continuing.
The Information Commissioner’s Office (ICO), which regulates data protection, will be notified of the breach today.
The ICO recommends that we give you advice on what steps you can take following a data breach.
In this instance, we recommend that you remain vigilant for any emails that you are not expecting, that specifically ask you for personal or financial information, or request you to click on links or download information.
We also recommend that if you are contacted by anyone asking you for personal data or passwords, such as for your bank account details, you should take all steps to check the true identity of the organisation.
If you have further questions, please visit the FAQ (frequently asked questions) section of our website. You can access this by visiting
www.jdwetherspoon.com. The information will be displayed on the FAQ section of the ‘Contact Us’ page. It is also attached to this email.
The breach took place some time ago. There has been no information from customers, or from our cyber security specialists, that leads us to believe that fraudulent activity, using the stolen information, has taken place, although we cannot be certain.
Once again, please accept our sincere apologies and be assured that we are doing our utmost to prevent this from happening again.
Yours sincerely,
John Hutson
CEO