JD Wetherspoon, a popular chain of pubs in the UK, notified its customers late last week that it has discovered that its website was hacked between June 15 and 17, which exposed the names, birth dated, telephone numbers, email addresses of 656,723 customers. The credit card information of 100 of those customers, who purchased a voucher online before August of 2014 were also compromised.
Apparently the data located on the website was not encrypted, but the company said the security codes of the credit card information were not stored on the database. The company has stated that the website has been replaced.
This is not the first report of a hacking incident involving a website. Companies may want to review the security of their website hosting provider and consider strengthening contractual provisions to account for a potential security incident.