Hackers steal customer information from Marston's brewery

Hosting partner Digital Junkie has made improvements to security following the attack

Marston's has had one of its customer databases hacked, the company has revealed, with hackers stealing passwords and accessing sensitive information such as birthdates.

In an email to customers, the brewery said that people registered with its www.wychwood.co.uk website had been affected.

"We are writing to inform you that we have discovered that the database was the subject of a recent hacking attack, to let you know what we have done and are doing about it, and to give you advice on protecting yourself going forward," Marston's wrote.

Marston's was alerted to the hacking by its hosting partner Digital Junkie. One person on the database had reported to Digital Junkie that he had, on 30 September 2013, received a phishing email, purporting to come from HSBC Bank, asking him to download a document in order to verify irregulat activity in his bank account. He received the email at an address he used only on the Wychwood site.

"We and Digital Junkie immediately began investigations and it became apparent that the parts of the database were accessed by hackers on 28 September 2013," Marston's said.

Data that was accessed included the name and contact details, login details, dates of birth if provided, an analysis of customers' loyalty to Hobgoblin, and details of the frequency at which customers logged into the site.

The hackers also stole about three percent of the passwords on the database, but the brewery said that all passwords were encrypted in a way that they are fully protected.

"We have had no other reports of spam, phishing or any other activity, and we know that the same phishing email was also sent to persons who are not registered with the Wychwood website," Marston's said.

The company said that since the data breach, although Digital Junkie's security policies are "strict and detailed", it has worked with the hosting provider to implement additional measures to protect the database from future attacks.

It also advised customers to be alert to the risks of phishing emails, and to change their email addresses if they are concerned.


Show Comments