Costa Coffee and Premier Inn hit by data breach

Thieves may have made off with names, email addresses, employment info and more

One of the UK's biggest hospitality chains was hit by a data breach earlier this month, it has been revealed, after a third-party provider of recruitment software suffered a hack on its systems.

Australian SaaS firm PageUp revealed last month that it was "investigating a security incident where unauthorised person(s) accessed our system". The company acts as a supplier of HR software for Whitbread, the parent company of Costa Coffee, Premier Inn, Brewers Fayre, Beefeater and other UK chains.

Advertisement - Article continues below

The company warned that people who have applied for jobs with PageUp's clients could be affected by the breach, along with the people those applicants listed as employment references. Employees of PageUp clients who had access to the software could also be at risk, meaning some of Whitbread's HR staff could have been affected.

A startling breadth of data may have been compromised, according to PageUp, including:

  • Names
  • Genders
  • Dates of birth
  • Nationalities
  • Email addresses
  • Physical addresses
  • Telephone numbers
  • Employment information

PageUp stated, however, that CVs, financial data, performance reviews and contracts were not affected by the breach. In addition, it confirmed that new safeguards have been put in place to prevent such an incident from occurring again, and said that "cyber security experts have confirmed they have not identified any further threats on our systems".

Advertisement
Advertisement - Article continues below

Whitbread told IT Pro that it is a client of PageUp, but declined to state how many of its 50,000 UK employees were affected by the hack. It confirmed that it had notified all affected parties, however.

Advertisement - Article continues below

Although no financial data was taken, cyber security professionals warned that this breach still gave the hackers everything they need to be able to carry out further sophisticated, targeted attacks against the victims.

"Data breaches involving third-party companies really highlight the need for larger businesses to look at the entirety of their supply chain for security weak-links," said Webroot's director of threat research David Kennerly. "The fact that information like date of births and even maiden names have been stolen along with email addresses gives cybercriminals all that they need to successfully monetise the hack, from phishing attacks to identity theft."

"Businesses of all sizes need to prioritise the security of critical and personal information, as you're never too small or large to be a target. The key learning lesson here is making sure that not only are your own security processes up to scratch but also that any third party dealing with sensitive data or accessing your network does so in the right way too."

Featured Resources

Staying ahead of the game in the world of data

Create successful marketing campaigns by understanding your customers better

Download now

Remote working 2020: Advantages and challenges

Discover how to overcome remote working challenges

Download now

Keep your data available with snapshot technology

Synology’s solution to your data protection problem

Download now

After the lockdown - reinventing the way your business works

Your guide to ensuring business continuity, no matter the crisis

Download now
Advertisement

Recommended

Russia hacked Liam Fox's personal email to steal trade documents
phishing

Russia hacked Liam Fox's personal email to steal trade documents

4 Aug 2020
British teenager charged over Twitter hack
hacking

British teenager charged over Twitter hack

3 Aug 2020
Mid-year report says vulnerabilities up 22% in 2020
hacking

Mid-year report says vulnerabilities up 22% in 2020

30 Jul 2020
BlackRock banking Trojan targets Android apps
trojans

BlackRock banking Trojan targets Android apps

27 Jul 2020

Most Popular

How to find RAM speed, size and type
Laptops

How to find RAM speed, size and type

3 Aug 2020
How to use Chromecast without Wi-Fi
Mobile

How to use Chromecast without Wi-Fi

4 Aug 2020
How do I fix the Windows 10 Start Menu if it's frozen?
operating systems

How do I fix the Windows 10 Start Menu if it's frozen?

3 Aug 2020