Costa Coffee and Premier Inn hit by data breach

Thieves may have made off with names, email addresses, employment info and more

One of the UK's biggest hospitality chains was hit by a data breach earlier this month, it has been revealed, after a third-party provider of recruitment software suffered a hack on its systems.

Australian SaaS firm PageUp revealed last month that it was "investigating a security incident where unauthorised person(s) accessed our system". The company acts as a supplier of HR software for Whitbread, the parent company of Costa Coffee, Premier Inn, Brewers Fayre, Beefeater and other UK chains.

The company warned that people who have applied for jobs with PageUp's clients could be affected by the breach, along with the people those applicants listed as employment references. Employees of PageUp clients who had access to the software could also be at risk, meaning some of Whitbread's HR staff could have been affected.

A startling breadth of data may have been compromised, according to PageUp, including:

Advertisement
Advertisement - Article continues below
Advertisement - Article continues below
  • Names
  • Genders
  • Dates of birth
  • Nationalities
  • Email addresses
  • Physical addresses
  • Telephone numbers
  • Employment information

PageUp stated, however, that CVs, financial data, performance reviews and contracts were not affected by the breach. In addition, it confirmed that new safeguards have been put in place to prevent such an incident from occurring again, and said that "cyber security experts have confirmed they have not identified any further threats on our systems".

Whitbread told IT Pro that it is a client of PageUp, but declined to state how many of its 50,000 UK employees were affected by the hack. It confirmed that it had notified all affected parties, however.

Although no financial data was taken, cyber security professionals warned that this breach still gave the hackers everything they need to be able to carry out further sophisticated, targeted attacks against the victims.

"Data breaches involving third-party companies really highlight the need for larger businesses to look at the entirety of their supply chain for security weak-links," said Webroot's director of threat research David Kennerly. "The fact that information like date of births and even maiden names have been stolen along with email addresses gives cybercriminals all that they need to successfully monetise the hack, from phishing attacks to identity theft."

"Businesses of all sizes need to prioritise the security of critical and personal information, as you're never too small or large to be a target. The key learning lesson here is making sure that not only are your own security processes up to scratch but also that any third party dealing with sensitive data or accessing your network does so in the right way too."

Featured Resources

What you need to know about migrating to SAP S/4HANA

Factors to assess how and when to begin migration

Download now

Your enterprise cloud solutions guide

Infrastructure designed to meet your company's IT needs for next-generation cloud applications

Download now

Testing for compliance just became easier

How you can use technology to ensure compliance in your organisation

Download now

Best practices for implementing security awareness training

How to develop a security awareness programme that will actually change behaviour

Download now
Advertisement

Recommended

Visit/security/internet-security/354417/avast-and-avg-extensions-pulled-from-chrome
internet security

Avast and AVG extensions pulled from Chrome

19 Dec 2019
Visit/security/354156/google-confirms-android-cameras-can-be-hijacked-to-spy-on-you
Security

Google confirms Android cameras can be hijacked to spy on you

20 Nov 2019

Most Popular

Visit/microsoft-windows/32066/what-to-do-if-youre-still-running-windows-7
Microsoft Windows

What to do if you're still running Windows 7

14 Jan 2020
Visit/operating-systems/25802/17-windows-10-problems-and-how-to-fix-them
operating systems

17 Windows 10 problems - and how to fix them

13 Jan 2020
Visit/hardware/laptops/354533/dell-xps-13-new-9300-hands-on-review-chasing-perfection
Laptops

Dell XPS 13 (New 9300) hands-on review: Chasing perfection

14 Jan 2020
Visit/web-browser/30394/what-is-http-error-503-and-how-do-you-fix-it
web browser

What is HTTP error 503 and how do you fix it?

7 Jan 2020