The Ritz suffers data breach after hackers pose as staff

Credit card fraudsters potentially compromised the personal data of guests visiting the five-star hotel

London’s The Ritz is investigating a potential data breach that saw hackers “potentially compromise” the personal data of guests visiting the five-star establishment.

On 12 August, cyber criminals pretending to be Ritz employees managed to obtain an unknown amount of restaurant guests’ personal data, including information on their meal bookings. The scammers allegedly phoned guests and asked them to confirm their reservations by sharing their bank details.

Using the obtained payment details, the cyber criminals then attempted to purchase around £1,000-worth of products from Argos.

The BBC reported that, after her card was declined, one of the victims was contacted again by the scammers, this time by a caller pretending to be a representative from her bank. The caller then asked the woman to provide the security code sent to her mobile phone, which was meant to authorise the transaction.

The Ritz confirmed the incident to IT Pro in a statement: “We can confirm that on 12th August 2020, we were aware of a potential data breach within our food and beverage reservation system, which may have compromised some of our clients’ personal data,” said the hotel, adding that “this does not include any credit card details or payment information”.

“We immediately launched an investigation to identify the cause of the breach, which is ongoing, to find out what happened, how it happened and to prevent this from happening again. We have contacted all of our clients whose data may have been compromised and alerted the Information Commissioner’s Office of the incident.”

A spokeswoman for the establishment told IT Pro that it is taking the breach “very seriously” and added that The Ritz is “working hard to resolve the issue and ensure the security of all our customers’ information”.

However, she also refused to disclose any further details and did not provide any further information on the progress of the investigation.

At the time of publication, it is still not clear how the scammer managed to obtain the guests' phone numbers.

The UK director of Orange Cyberdefense, Stuart Reed, said that “the incident is a stark reminder to The Ritz, and indeed any organisation that holds customer data, of the critical need for good data hygiene”. 

Reed also called for The Ritz to “share their findings with a wider audience as appropriate and as further details emerge”.

“Whilst this may not be an example of a multi-million pound breach, it shows again that data has a value and no one is immune to the attentions of cyber criminals. It is therefore essential to have robust policies, procedures and education, along with enabling technology, in place to mitigate risk and minimise impact when, not if, breaches occur,” he added.
