JD Wetherspoon has revealed that the personal details of over 650,000 customers have been stolen after its database was hacked.
Personal details, including names and email addresses are reported to have been taken during the cyber-attack which took place between 15 and 17 June.
The pub chain also admitted that “very limited” credit and debit card information of 100 customers was exposed in the process which could be used for fraud. Those affected were found to have purchased Wetherspoon vouchers online between January 2009 and August 2014.
The company admitted it only recently became aware of the breach in recent days and has notified The Information Commissioner's Office. The attack took place on its old website which has since been replaced.
JD Wetherspoon chief executive, John Hutson, said that only the last four digits of payment cards were obtained in the hack as the remaining digits were not stored in Wetherspoon's database.
In a letter to customers, Hutson apologised and advised customers to "remain vigilant for any emails that you are not expecting that specifically ask you for personal or financial information, or request you to click on links or download information".
He added: "We have taken all necessary measures to make our website secure again following this attack. A forensic investigation into the breach is continuing."
Other customers likely to have affected by the breach are those who signed up to receive Wetherspoon's newsletter, registered with the cloud to use Wi-Fi in their pubs, submitted a 'contact us' form on the website, or bought vouchers online before August 2014.