Pubs group JD Wetherspoon (LON:JDW) has become the latest FTSE 350 company to admit to a cyber-security breach.
The company said it is taking action after discovering that some customer and staff information had been accessed illegally by a third party.
The information was obtained from Wetherspoon's old web site, which has been replaced in its entirety and is run by a new digital partner.
Affected Wetherspoon customers have been alerted to the situation by the company, and a a leading cyber security specialist has been called in to conduct a full forensic investigation into the breach.
The company said 100 customers who purchased Wetherspoon vouchers online before August 2014 would have had “extremely limited credit/debit card details” accessed by the cyber-criminals.
Only the last four digits of the card numbers were obtained, Wetherspoon revealed, while other information, such as the customer name and the expiry date, was not compromised. As a result, these credit/debit card details cannot, on their own, be used for fraudulent purposes, Wetherspoon said.
"We apologise wholeheartedly to customers and staff who have been affected,” said John Hutson, Wetherspoon's chief executive.
"Unfortunately, hacking is becoming more and more sophisticated and widespread. We are determined to respond to this by increasing our efforts and investment in security and will be doing everything possible to prevent a recurrence."
The security breach does not appear to have been severe as the one suffered earlier this year by telecoms and Internet service provider TalkTalk (LON:TALK), which saw personal details of 157,000 TalkTalk customers accessed including 15,000 bank account numbers and 28,000 obscured credit and debit card numbers.
The market reacted phlegmatically, with the shares down 1.8% at 722.5p in a market that was off 0.4% after half an hour's trading.