Credit: Marcie Casas/Flickr

Cyber attack hits 650,000 JD Wetherspoon customers

The pub chain is the latest high-profile name to join the unenviable group of firms blighted by cyber attacks in recent months.

by Rebecca Smith
Last Updated: 04 Feb 2016

TalkTalk's infamous cyber attack may have only affected 4% of customers, but the firm is still reeling from the reputational fallout – not to mention the costly £35m headache it estimates the attack will end up leeching away from the company as it mops up lost revenues and splashes out on extra IT and customer service in the aftermath.

Despite the hack, TalkTalk said it was still on track to meet market expectations and delivered a healthy set of results in November. If anyone knows the hard-hitting effects a good old cyber attack can have it’s chief executive Dido Harding – who so far, looks to have weathered the initial storm amid difficult circumstances. So, she may well be offering to buy the bosses of JD Wetherspoon a stiff one in light of the news that the pub chain has launched an investigation into its own cyber attack.

MT would say don’t worry, but the scale of the hack is actually pretty sizeable – reaching about four times the number of customers that the TalkTalk hack did. A database containing the details of more than 650,000 'Spoons customers was breached back in June (relating to an old website which has since been entirely replaced).

On the relative bright side, the pub chain said the database mostly contained names, dates of birth, email addresses and phone numbers. You might be wondering how a pub chain builds up such an extensive bank of customer details – any unsuspecting punter who wanted to use the company's WiFi and duly tapped in their personal information could be among those at risk.

Spoons admitted that a ‘tiny number of customers’ have had some of their credit or debit card information stolen. It’s thought that only 100 customers did have financial information compromised and that hackers should have only been able to obtain the last four digits of card numbers in those cases.

In a statement, the firm said, ‘These credit or debit card details cannot be used on their own for fraudulent purposes, because the first 12 digits and the security number on the reverse of the card were not stored on the database.’

The FT did report that personal details had been put up for sale by hackers on the so-called dark web and customers have been warned to stay vigilant for any unexpected emails which specifically ask for personal or financial information, and shouldn’t click on links or download files from any suspicious messages.

According to founder and chairman Tim Martin, an anonymous email was sent to chief executive John Hutson, drawing his attention to the attack on November 6. But it had been caught in the company’s spam filter, so Spoons was actually in the dark until the FT contacted it on Monday. Which might be a bit of a concern for customers. And for investors too - shares in the group opened down 1.3% on Friday.

The company, which operates 900 pubs across the UK and employs 33,000 staff, said the details were taken from customers who signed up to use WiFi in Wetherspoon pubs and entered their personal details into the company system. Some who bought Spoons gift vouchers online and 15,000 staff also had their information stolen.

‘We apologise wholeheartedly to customers and staff who have been affected,'  Hutson said. 'Unfortunately, hacking is becoming more and more sophisticated and widespread. We are determined to respond to this by increasing our efforts and investment in security and will be doing everything possible to prevent a recurrence.’

But as the number of high-profile cases of cyber attacks keeps piling up, customers are likely to become fed up of the threadbare apologies. Granted, as more services and by extension data moves online, the risk will increase. But with Vodafone, Morgan Stanley and TalkTalk just several of the big firms which have had breaches in recent months, questions about whether such companies can be trusted with sensitive information will continue to escalate. And one of the last thing businesses need is trust levels to plummet further. That begs the question whether firms really are prioritising cyber security enough.

Find this article useful?

Get more great articles like this in your inbox every lunchtime

Books for the weekend: Daniel Goleman, Jack Welch, Nelson Mandela

Beaverbrooks CEO Anna Blackburn shares her reading list.

What happens next: COVID-19 lessons from Italian CEOs

Part I: Marco Alvera, chief executive of €15bn Lombardy-based energy firm Snam, on living with...

Coronavirus communications: Dos and don'ts

Uncertainty and isolation make it more important than ever to be seen, to be heard...

Leadership lessons: Mervyn Davies, former CEO of Standard Chartered and trade minister

"People talk about pressure – I worked 24 hours a day. There is more pressure...

How to reinvent your career through motherhood and midlife

Pay it Forward podcast: Former Marie Claire editor-in-chief Trish Halpin and BITE managing editor Nicky...