Luxury five-star hotel The Ritz London admits to a potential data breach over the weekend, August 15, 2020, Saturday. The upmarket accommodation announced its discovery of its food and beverage reservation system on social networking platform Twitter in a series of tweets.
In a statement, The Ritz London said, “We can confirm that on August 12 2020, we were aware of a potential data breach within our food and beverage reservation system, which may have compromised some of our clients’ personal data. This does not include any credit card details or payment information.”
Following the incident, the luxury hotel said that they immediately conducted an investigation to identify the source of the breach. Likewise, the high-end accommodation revealed that it had been reaching out to affected customers whose personal information may have been compromised.
The Ritz London has also alerted the Information Commissioner’s Office (ICO) after the breach.
According to BBC, the breach which affected the food and beverage system of the hotel led to the targetting of high-paying diners and customers by “extremely convincing” scammers who pretended to be part of the Ritz London staff.
The scammers reportedly called and reached out to hotel dining customers to confirm the details of their supposed reservations, and by extension, “confirm” their respective card details.
After getting credit card information from the hotel customers, scammers reportedly tried to spend thousands worth of pounds at popular retailer Argos. Two women have since come forward to relay their experiences with BBC.
Fraudsters have also attempted to scam and con a number of victims by telling them that their credit card has been compromised and their card was being used for fraudulent transactions.
The scammers reportedly asked for the users’ security code, which may have enabled transactions to push through, notes Digital Trends.
Forbes likewise maintains that the phone calls made out to hotel customers appeared to come from the number typically associated with the luxury accommodation, thus making the scam much more believable to the targeted individuals.
In an interview with BBC, cybersecurity firm Cygenta co-founder Dr. Jessica Barker said, “People tend to trust caller ID, which is perfectly understandable because in theory, it appears to authenticate the caller. On top of that, when a scam like this involves insider information it adds an air of legitimacy and authority.”
The scamming incident following the data breach has prompted The Ritz London to release a statement, saying that “our team will never contact you by telephone to request credit card details to confirm your booking with us.”
As of writing, the extent of the breach and the scam carried out by fraudsters posing as part of the five-star hotel’s staff is still unknown.