
Travelodge Admits Customer Data Leak

Travelodge has acknowledged an “issue” that resulted in the apparent compromise of some customer data, but said no financial details were involved.

In a letter (PDF) sent to customers, Travelodge chief executive Guy Parsons acknowledged that “a small number” of customers had received a spam email at addresses registered with the company.

Financial details

Parsons did not indicate the nature of the “issue”, but said Travelodge hadn’t sold customers’ data and that no financial information was at risk.

“Our main priority is to ensure the security of our customers’ data,” Parsons wrote. “Please be assured, we have not sold any customer data and no financial information has been compromised… We are currently conducting a comprehensive investigation into this issue.”

Parsons said the email appeared to advertise unspecified part-time job opportunities.

“A further update will be given, when we have completed our investigation,” Parsons wrote.

Customers first reported the incident on Wednesday via Twitter.

“Just got spam, with my full name, to an email address only ever used for (Travelodge),” one user wrote.

A day later Travelodge admitted via its Twitter feed that there had been an “issue”.

ICO informed

“Sorry for the spam email you may have received,” the company said in a Thursday post on Twitter. “We have NOT sold any data. We’re currently investigating this issue and will update you ASAP.”

The company informed the Information Commissioner’s Office of the matter on Thursday, the company said in a Friday Twitter post.

“Our investigation shows a small number of customers have received a spam email,” the company posted. “The Information Commissioner’s Office was informed yesterday.”

The incident arrives amidst growing concern over the security of individuals’ personal data. A number of hacking attacks targeting organisations including the CIA, the FBI, Lockheed Martin, RSA Security, Sony, Nintendo and others have resulted in the theft of data.

This week hacking group Lulzsec began posting the names, addresses and phone numbers of US law enforcement officials, along with the names of their family members, in a protest against the enforcement of US drugs laws.

The Information Commissioner’s Office (ICO) has begun handing down increasingly large fines to UK-based organisations that lose customer data.

Earlier this month the ICO issued its biggest fine to date, imposing a penalty of £120,000 on Surrey County Council for disclosing individuals’ personal data on three separate occasions.

The incidents included sending personal data to groups including taxi firms and people who had subscribed to the council newsletter.

Matthew Broersma

Matt Broersma is a long-standing tech freelance who has worked for Ziff-Davis, ZDNet and other leading publications.


  • Ash Patel, country manager for UK & Ireland at Stonesoft, has the following comment:

    “Despite the fact that the Travelodge is reassuring its customers that hackers didn’t steal any financial data and that they only managed to get away with names and email addresses doesn’t make this any better. The hackers could now use the information they have obtained and target the customers with phishing emails and obtain such things as bank details by persuading them to open a malicious attachment which may then install malware or Trojans on to their PC.

    “The attack also highlights the importance of security when a company holds sensitive customer information. Organisations that carry out payment transactions should adhere to the PCI DSS Compliance guidelines and these should act as a supplement to good practice in-house security policies and processes. It is also very important to educate staff on Internet safety because ultimately the responsibility of security lies with the company and a breach can cause serious reputational damage.

    “If a company finds it doesn’t have the staffing resources at times of cutbacks to adopt and maintain a comprehensive security system/practice they should deploy security solutions which can be comprehensively centrally managed and updated to protect against new threats as they emerge.”
