Travelodge customer database hacked or stolen

24 June 2011

Bitterwallet - Travelodge featuredTravelodge has finally admitted that its customer database has been hacked or stolen - over a day after customers informed them. However, the hotel chain has not confirmed what happened, nor has it stated what information has been lost - only that it has "not sold any customer data and no financial information has been compromised."

Customers became aware of the problem when they started receiving spam email that used a unique email address only registered with Travelodge. The issue was first mentioned on Twitter as early as Wednesday:

Bitterwallet - Travelodge hack spam 1

Several more customers confirmed the issue and contacted the company both through Twitter and email, but Travelodge remained silent on the matter for a day. It took until yesterday lunchtime for the company to inform customers about the issue, but then only those who used Twitter:

Bitterwallet - Travelodge hack spam 2

While Twitter is an invaluable tool for customer services, it's hardly the place to announced major security announcements to a broad customer base, since the majority won't use it. Instead, it took Travelodge another three hours to finally email their customers:

Our main priority is to ensure the security of our customers' data, which is why I wanted to make you aware that a small number of you may have received a spam email via the email address you have registered with us.Please be assured we have not sold any customer data and no financial information has been compromised.

All financial data (including credit card information) is compliant with current best practice standards and is audited to PCI (Payment Card Industry) requirements.

The safety and security of your personal information is of the utmost importance to us and as a result we are currently conducting a comprehensive investigation into this issue.

If you receive an email similar to the one shown here, please delete it as spam.

If you have any questions regarding this matter, please email: [email protected] A further update will be given, when we have completed our investigation.

Guy Parsons
Chief Executive

What's interesting about the email is what it doesn't mention; all we know is that customer's financial information is intact. However, the choice of wording - "we have not sold any customer data and no financial information has been compromised" - is very specific; customer records were therefore either hacked or stolen, and all other information other than financial details may have been compromised. As well as email addresses, that may include names, ages, addresses and phone numbers.

So aside from letting themselves down in terms of how and when they responded, Travelodge hasn't actually told customers anything about the personal information that has been lost. We'll let you know more if and when Travelodge issue an update; if you receive any further spam messages or news from Travelodge, let us know at [email protected]

Thanks to avid Bitterwallet reader Bill

TOPICS:   Social Media   Privacy   Scams


  • Denny
    "Travelodge has FINALLY admitted that its customer database has been hacked or stolen – over A DAY after customers informed them." Wow, over a day (but presumably less than two days), it's almost as though they took some time to confirm there was an issue and get their facts straight. The scoundrels.
  • yak
    lightning fast compared to sony
  • The B.
    In fairness to them, unlike many websites they actually allow you to pay on the fly so you don't have to store your card details with them, which if you were sensible you wouldn't.
  • dickens
    I love how bitterwallet readers wank on about the tiny details and never bother commenting the actual story.
  • Paul S.
    Denny - Twitter works in real time; chances are that any other company seeing dozens of messages warning they had a major security issue would at least respond to say they've seen the messages and are looking into the matter. Travelodge didn't bother saying anything for over a day - and that's the issue.
  • Paul S.
    And this morning, they're still avoiding saying what's actually happened, only confirming what's publicly known; that some customers received spam email: "Our investigation shows a small no. Of customers have received a spam email."
  • Stringer B.
    Shit a brick. They took a whole day to confirm that their security had been breached. The result is that many people will get a spam email. Who fucking cares. The world is full of cunts who spend all their days wanking and hacking. To steal a rake of email address' so they can spam us is hardly worth noting considering how often my inbox receives shitey spam anyway. As for taking "over a day"... better to confirm the facts, shore up the security; before telling the world that they had been hacked and inviting anyone else to attempt a hack. I remember when this site used to be worth a read... now it just regurgitates news websites with piss poor journalism.
  • Alex
    @Stringer Bell - "Who ******* cares"? I do! It's not just a list of email addresses. Each of these "shitey spam" emails were personally addressed using forename and surname taken from the customer database. This demonstrates they got the customer database. For customers of Travelodge, this mean they may have full home addresses and lists of dates they may be unoccupied. Not the sort of thing I like criminals who will sell on anything of worth to have.
  • celebrity
    I'm now not certain the place you're getting your information, but great topic. I must spend a while studying much more or figuring out more. Thank you for wonderful info I used to be in search of this information for my mission.

What do you think?

Connect with Facebook, Twitter, or just enter your email to sign in and comment.

Your comment