Some personal staff details registered before November 10 2011 were also stolen, but no salary, bank, tax or national insurance information was accessed.
"We apologize wholeheartedly to customers and staff who have been affected," Wetherspoon Chief Executive John Hutson, said in a statement.
"Unfortunately, hacking is becoming more and more sophisticated and widespread. We are determined to respond to this by increasing our efforts and investment in security and will be doing everything possible to prevent a recurrence."
Wetherspoon said that its old website, which has been entirely replaced by a new one, was hacked between June 15 and 17 but only detected on December 1 and confirmed by security specialists on December 2. Customers were notified on December 3.
A spokesperson for Wetherspoon said a letter had been sent out to over 650,000 customers but thinks the number affected is much lower. But in a letter to customers, the pub group said that it could not tell individuals whether any personal data was included in the breach.
Customer names, date of birth, email addresses and phones numbers were stored in the database which could potentially be accessed by hackers. Even though these are not financial details, they could be used to create very targeted phishing emails, that contain malicious links, for example.
But Wetherspoon's said that it has not seen evidence of any stolen information being used for fraudulent activity.
"There has been no information from customers, or from our cyber security specialists, that leads us to believe that fraudulent activity, using the stolen information, has taken place, although we cannot be certain," the firm said.
Wetherspoon added that it has notified the U.K,'s Information Commissioners Office about the breach.