The personal information of nearly 657,000 customers was compromised in a breach of British pub chain operator JD Wetherspoon.
Email addresses, phone numbers, and dates of birth were stolen in June from the company's old website which has since been taken down, some of the data has been already spotted for sale on the dark web, according to the Financial Times.
The last four digits of 100 customer payment cards that were used to purchased Wetherspoon vouchers online before August 2014 were also compromised but not enough information was taken to be used for fraudulent purposes, according to a release.
Additionally, the personal information of 15,000 staff who registered before Nov. 10, 2011, was compromised but reportedly no salary, bank, tax or national insurance information was stolen.
Customers have been alerted and the incident is being investigated by the authorities.