Hackers breached the website of a major pub chain JD Wetherspoon, operating in the UK and Ireland, in mid-June 2015.
The company sent an email to all its customers last week informing them about the breach, the company also got to know about the breach on December 1.
According to the company “ the attackers gained access to a customer database linked to the firm’s old website, which had been hosted by a third party. At some point after the breach, the website was replaced and taken over by a new service provider that is not connected to the incident.”
The database compromised includes the personal details of 656,723 people who signed up for newsletters, registered Wi-Fi users, and those who bought online vouchers between January 2009 and August 2014, or used the contact form on the company’s website.
For customers who bought online vouchers, the last four digits of their payment card numbers had also been accessed. Whereas the company says that website never stored the sensitive information.
JD Wetherspoon says “there is no evidence of fraudulent activity involving the exposed data, but customers have been advised to beware of emails asking for personal and financial information, or ones that instruct recipients to click on links or install software.”
The investigation is ongoing on , and the Information Commissioner’s Office (ICO) in the UK has been notified.