The personal details of more than 650,000 people may have been stolen after one of Britain's leading pub companies was hacked.
JD Wetherspoon said the card details of 100 people had also been compromised in the breach, which happened in June.
But the chain confirmed in a statement to the BBC that only the last four digits of the cards were taken, and said the security numbers on the reverse of the cards had not been stolen.
It said: "These credit or debit card details cannot be used on their own for fraudulent purposes, because the first 12 digits and the security number on the reverse of the card were not stored on the database."
The stolen personal details of the 650,000 people includes the customer's name, date of birth, email address and phone number.
The pub chain's CEO John Hutson said the Information Commissioner's Office (ICO) is being told of the breach.
In a letter to customers, he said: "We have taken all necessary measures to make our website secure again following this attack. A forensic investigation into the breach in continuing.
"In this instance, we recommend that you remain vigilant for any emails that you are not expecting, that specifically ask you for personal or financial information, or request you to click on links or download information."
The company said it received information on December 1 that the information may have been hacked, prompting an "urgent investigation by cyber security specialists".
It was then confirmed that its old website, which has since been replaced, had been hacked between June 15 and June 17 this year.
Mr Hutson said: "Unfortunately, hacking is becoming more and more sophisticated and widespread. We are determined to respond to this by increasing our efforts and investment in security and will be doing everything possible to prevent a recurrence."