JD Wetherspoon has admitted its systems were hacked in July with the UK pub giant saying that its database of over 650,000 customers had been attacked.
Personal staff details registered before 10th November 2011 were also stolen, but this did not include salary, bank, tax, or national insurance information. Reports say 15,000 people are affected.
The company said 100 customers who purchased Wetherspoon vouchers online before August 2014 had the last four digits of their card numbers stolen.
The details were acquired by the firm when customers signed up for the free WiFi offered in the pubs.
The hack occurred between the 15th-17th June this year, raising significant questions as to why it took so long for the firm to identify the issue.
The breach only came to light when the pub operator was contacted by the Financial Times. A previous email, sent to Wetherspoon chief executive John Hutson on November 6th by someone claiming to have been responsible for the breach was lost in a spam filter.
Hutson has written to customers. In a statement he said: "We apologise wholeheartedly to customers and staff who have been affected.Unfortunately, hacking is becoming more and more sophisticated and widespread. We are determined to respond to this by increasing our efforts and investment in security and will be doing everything possible to prevent a recurrence."
Wetherspoon spokesman Eddie Gershon told CBR " There is no question whatsoever of anyone losing their job as a result of this.
"Wetherspoon runs pubs and hacking is not within our level of expertise. We have brought in a specialist company that is investigating this and will await their further report."