Actually, it's Wetherspoon's turn in what is fast becoming a data breach nightmare for more than just a few regulars. The pulling power of vouchers off alcohol at pub chain JD Wetherspoon, could have cost a few punters more than their favourite tipple in last week's announcement that the personal details of up to 657,000 customers were stolen in the latest cyber attack on a British company.
JD Wetherspoon was quick to react, announcing it had only affected a small number of customers who had responded to a voucher offer last year and that, as the system only held the last 4 digits of the credit cards, and no security code, they could not be used fraudulently.
The Guardian reported that 656,723 customers affected were on the database with personal details such as their names, dates of birth, email addresses and mobile phone numbers.
But, with the data breach happening in June 2014, why did it take until 1st December this year to come to light? Because the data was held by a third party supplier who previously hosted the companies website.
Hopefully, this is a pint-sized example with no adverse financial repercussions for customers but, there are definitely lessons to be learned. Any companies information security is only as good as its weakest supplier. Key suppliers, such as those holding your customer data, should be coordinated and controlled, within your ISMS, to better manage your risk.