London’s top hotel ‘s clients became vulnerable to phone-based identity fraud attacks after the hotel reported data breach.
The Ritz is one of the top five-star hotels in not just the UK but the whole world. Therefore, it is quite concerning that a hotel that charges £2000 per night has lackluster security measures in place.
On 17 August, the hotel tweeted about suffering a security breach on 12 August 2020. According to the hotel, its food and beverage reservation system was attacked, which may have exposed its clients’ data. However, the hotel confirmed that payment details or credit card data weren’t compromised.
Currently, they are investigating the incident.
We can confirm that on 12th August 2020, we were aware of a potential data breach within our food and beverage reservation system, which may have compromised some of our clients’ personal data. This does not include any credit card details or payment information, read one of the tweets posted by The Ritz’ management.
Reportedly, one of the hackers linked booking information to the hotel’s restaurant’s reservation system. Afterward, they started calling all the clients whose names appeared in the booking information, pretending to be the hotel’s staff and asking them to confirm their credit card details.
The hotel’s IT staff couldn’t promptly tackle the incident, which allowed attackers to use stolen guest data to carry out identity frauds.
One of the victims claims that the fraudsters spoofed incoming numbers to appear as genuine Ritz staff members. Moreover, some victims claim that callers asked them to read out the one-time passcodes sent to their devices to prevent a fake transaction.
However, the victims didn’t know that the scammers needed the passcode to enable transactions. That’s exactly what they did, as so far the scammers have raked in over $1,300/1,000 British pounds.
We immediately launched an investigation to identify the cause of the breach, which is ongoing, to find out what happened, how and to prevent this from happening again. We have contacted all of our clients whose data may have been compromised and alerted the ICO of the incident.
— The Ritz London (@theritzlondon) August 15, 2020
Never give your payment card details to anyone who calls you, regardless of how convincing the person sounds to you. Remember that banks would never ask for this information, and if you do need to discuss a bank matter, call on the number printed on the backside of your payment card.