Two weeks ago, while investigating another case, our CyberOPS team discovered the latest news about one of UK's largest pub chains. It came up in our Argos Cyber Threat Intelligence Platform via one of its sources, a cyber-crime forum on the Dark Web. The team had discovered that JD Wetherspoon had suffered a hack exposing 656,723 customer email addresses, phone numbers and dates of birth plus some credit and debit card details in addition to the details of their 15,000 staff.
A screenshot from the forum.
The information, now up for sale to the highest bidder on a forum run by the notorious Russian hacker ‘w0rm’, although the hack itself does not appear to be not his actual work but that of another threat actor based out of Russia. This threat actor is constantly changing identities but has declared his motivation to be “money”. He says he is currently targeting “Big Name” companies. JD Wetherspoon, for example, runs 900 pubs and employs 33,000 staff.
The announcement on Twitter.
Knowledge of the hack came as a surprise to JD Wetherspoon, who, in common with many organisation, have little knowledge of the degree to which their confidential data may already be exposed on Dark Web forums.
The Financial Times newspaper has acknowledged CyberInt with being the first to identify the JD Wetherspoon hack.
Companies who wish to avoid the massive reputational and financial damage that often follows these types of events should not only reinforce their own ‘traditional’ cyber defences but should take a more proactive stance to defending against such attacks.
This can be done by collecting targeted cyber intelligence from thousands of sources including the dark web, the deep web, social networks and other sources, and by continuously assessing the organisation’s resilience to these attacks.