
656,723 reasons to regret going to Wetherspoon's

Graham CLULEY

December 05, 2015


JD Wetherspoon is a highly popular British chain of pubs, famous for its cheap booze, Thursday curry club and lack of pretension.

It’s far from everyone’s cup of tea, of course, and now over 650,000 people who gave the firm their names, email addresses, dates of birth and phone numbers have a good reason to regret their drinking spot.

That's because the company has just announced that hackers obtained a copy of its customer database after accessing an old, poorly secured version of its website.

In short, JD Wetherspoon used a third-party company to run its website. The website has since been revamped, and is now run by a new company on Wetherspoon’s behalf, but the previous web host appears to have kept the old servers online, in an insecure fashion – and it was that which was breached by hackers.

Here is how Wetherspoon’s described the hack in an email to customers:

Dear Customer

We received information on the afternoon of the 1st December that some customer data may have been stolen by a third party (often referred to as ‘hacking’). An urgent investigation by cyber security specialists was instigated. At 5.45pm on the 2nd December the security specialists informed us that the customer database related to our old website was breached (or hacked) between 15th and 17th June 2015. This website has since been replaced in its entirety. Our current website is managed by a new digital partner. The new partner has no connection to the website that was the subject of the breach of security.

In respect of the majority of customers, the database contained the following customer information: the name of the customer, the date of birth, the email address and the phone number.

Wetherspoon’s tries to hide the number of affected customers at the bottom of its FAQ – 656,723. That’s four times as many as were put at risk in the recent hack of broadband operator TalkTalk.

In addition, 100 customers (which JD Wetherspoon describes as “a tiny number”) who bought vouchers online have had the last four digits of their credit/debit cards stolen. Wetherspoon’s is keen to stress that other information (such as expiry date and customer name) wasn’t taken in that part of the attack, and that those details alone cannot be used to empty your bank account – but think of how often you are asked to confirm the final digits of your card to prove your identity.

How might your details have ended up in Wetherspoon’s database?

Well, maybe you signed up for their newsletter on their website, or sent them a message via their “Contact us” form. Or maybe you registered with ‘The Cloud’, in order to use Wi-Fi at a Wetherspoon’s and agreed to receive information about the company at the same time.

Or perhaps you purchased Wetherspoon’s vouchers online between January 2009 and August 2014.

Finally, some personal staff details, registered before 10 November 2011, were also accessed by the hackers.

It goes without saying that the old version of the site should not have been accessible to the hackers. In fact, if JD Wetherspoon wasn’t planning to use the hosting company’s servers any longer it is a mystery as to why the provider did not wipe any information it was storing (insecurely as it happens) on its servers.

You cannot help but feel that it may not be entirely fair to solely blame JD Wetherspoon for allowing the breach to occur. Clearly the third-party company that previously hosted the Wetherspoon’s site may also have questions to answer – especially as it seems the breach occurred back in June, and only came to light some six months later.

JD Wetherspoon’s chief executive, John Hutson, apologised to customers and employees who have been impacted by the hack:

“Unfortunately, hacking is becoming more and more sophisticated and widespread. We are determined to respond to this by increasing our efforts and investment in security and will be doing everything possible to prevent a recurrence.”

The company says it has informed the Information Commissioner’s Office (ICO) about the data breach, and advises affected customers to be wary of unsolicited phone calls or messages – especially any that might invite recipients to click on links or request personal information.


flickr photo shared by Ian Halsey under a Creative Commons ( BY-NC ) license
