JD Wetherspoon has announced that customer and staff details have been illegally accessed after it was hacked.
The company said limited credit/debit card details for c100 customers who bought Wetherspoon vouchers online before August 2014 were obtained from its old website.
The company has warned customers by email and has also instructed a cyber security specialist to conduct an investigation into the breach.
It insisted that only the last four digits of the card numbers were obtained, since the remaining digits were not stored in the database. Other information, such as the customer name and the expiry date was not compromised.
Some personal staff details, registered before 10th November 2011, were stolen, but no salary, bank, tax or national insurance information was accessed.
The Information Commissioner’s Office (ICO), which regulates data protection, has been notified of the breach.
Wetherspoon’s chief executive John Hutson said: “We apologise wholeheartedly to customers and staff who have been affected.
“Unfortunately, hacking is becoming more and more sophisticated and widespread. We are determined to respond to this by increasing our efforts and investment in security and will be doing everything possible to prevent a recurrence.”
