Fortunately the cyber-attack only gained the last four digits of 100 customers' bank cards who purchased Wetherspoon vouchers online before August 2014.
No passwords were stolen, so there has been no financial burden for customers and staff affected, but names, dates of birth, email addresses and mobile phone numbers are at risk.
Remain vigilant
In a letter to customers, Wetherspoon chief executive John Hutson said: “We recommend that you remain vigilant for any emails that you are not expecting, that specifically ask you for personal or financial information, or request you to click on links or download information.
“We also recommend that if you are contacted by anyone asking you for personal data or passwords, such as for your bank account details, you should take all steps to check the true identity of the organisation.”
Vital bank details such as expiry date were not nicked by hackers, so accounts can’t be accessed.
Some personal staff details, registered before 10 November 2011, were stolen, but no salary, bank, tax or national insurance information was accessed.
Apology
Hutson added: “We apologise wholeheartedly to customers and staff who have been affected.
“Unfortunately, hacking is becoming more and more sophisticated and widespread. We are determined to respond to this by increasing our efforts and investment in security and will be doing everything possible to prevent a recurrence.”
The pubco has assured users that data was stolen from their old website, which has been replaced.
JDW say the new website is not at risk, and is managed by a new digital partner, which has no connection to the website which suffered the breach.
Cyber-attacks
Wetherspoon is not the first company to suffer a cyber attack, as telecoms group TalkTalk fell to cyber attackers in October.
TalkTalk was attacked three times in a year, and lost data of 157,000 employees.