Travelodge customer database hacked or stolen
Travelodge has finally admitted that its customer database has been hacked or stolen - over a day after customers informed them. However, the hotel chain has not confirmed what happened, nor has it stated what information has been lost - only that it has "not sold any customer data and no financial information has been compromised."
Customers became aware of the problem when they started receiving spam email that used a unique email address only registered with Travelodge. The issue was first mentioned on Twitter as early as Wednesday:
Several more customers confirmed the issue and contacted the company both through Twitter and email, but Travelodge remained silent on the matter for a day. It took until yesterday lunchtime for the company to inform customers about the issue, but then only those who used Twitter:
While Twitter is an invaluable tool for customer services, it's hardly the place to announced major security announcements to a broad customer base, since the majority won't use it. Instead, it took Travelodge another three hours to finally email their customers:
Our main priority is to ensure the security of our customers' data, which is why I wanted to make you aware that a small number of you may have received a spam email via the email address you have registered with us.Please be assured we have not sold any customer data and no financial information has been compromised.
All financial data (including credit card information) is compliant with current best practice standards and is audited to PCI (Payment Card Industry) requirements.
The safety and security of your personal information is of the utmost importance to us and as a result we are currently conducting a comprehensive investigation into this issue.
If you receive an email similar to the one shown here, please delete it as spam.
If you have any questions regarding this matter, please email: [email protected] A further update will be given, when we have completed our investigation.
What's interesting about the email is what it doesn't mention; all we know is that customer's financial information is intact. However, the choice of wording - "we have not sold any customer data and no financial information has been compromised" - is very specific; customer records were therefore either hacked or stolen, and all other information other than financial details may have been compromised. As well as email addresses, that may include names, ages, addresses and phone numbers.
So aside from letting themselves down in terms of how and when they responded, Travelodge hasn't actually told customers anything about the personal information that has been lost. We'll let you know more if and when Travelodge issue an update; if you receive any further spam messages or news from Travelodge, let us know at [email protected]
Thanks to avid Bitterwallet reader Bill