Pub chain JD Wetherspoon says card data of 100 customers has been stolen from a database after it was hacked.
"Very limited" credit and debit card information was accessed in the hack in June and it could not be used for fraud, the company said.
Other personal details, including names and email addresses may also have been stolen from more than 650,000 people.
The Information Commissioner's Office is being notified of the breach, which only came to light in recent days.
The database had details - including names, dates of birth, email addresses and phone numbers - of 656,723 customers.
The 100 affected whose card data was stolen had bought Wetherspoon vouchers online between January 2009 and August 2014, the company said.
Only the last four digits of payment cards were obtained in the hack as the remaining digits were not stored in Wetherspoon's database, chief executive John Hutson said.
The card data was not encrypted because other details were not stored on the database, the company said.
In a letter to customers, Mr Hutson apologised and advised customers to "remain vigilant for any emails that you are not expecting that specifically ask you for personal or financial information, or request you to click on links or download information".
The hack happened between 15 and 17 June on the pub chain's old website, which has since been replaced.
Cited and more on this story at BBC News
No comments:
Post a Comment