The Ritz hotel in London is the latest business to be targeted by data scammers. In the high-profile privacy scandal, the hotel’s food and beverage reservation system was breached by cybercriminals. The Ritz has confirmed that it became aware of the potential breach on August 12th. But what do we know about the Ritz data breach so far?
While no credit card or payment details were compromised in the initial attack, scammers have since used the stolen data – which included telephone numbers – to contact guests. They have then tried to trick them into “confirming their payment card details” by claiming that deposits had been declined.
In this convincing phone-based identity fraud attack, the scammers even spoofed the hotel’s official number to make their con believable. And they knew when the guests’ reservations were due to take place.
Highlighting how sophisticated this attack was, some guests have shared how the scammer contacted them again – this time pretending to be from their banks. After trying to make several large fraudulent purchases, the scammer told the guests that to cancel suspicious transactions, they should read out the security code sent to their mobile phones. This would actually have authorised the payments.
The Ritz is just the latest hotel to fall victim to a cybersecurity incident. In 2018, a huge data breach put 339 million Marriott International customers at risk. And, while you think the hotel giant would have learned its lesson, in 2020 Marriott confirmed that it had suffered another data breach – this time involving the personal information of 5.2 million guests.
Who has been affected by the Ritz hotel data breach?
At the moment, it looks like there are two potential groups affected by the Ritz hotel data breach.
- Guests who have had their data stolen
- Guests who have had their data stolen and who have also been targeted by scammers.
The Ritz has emailed at-risk customers and has warned them that:
“After a reservation has been made at the Ritz London, our team will never contact you by telephone to request credit card details to confirm your booking with us.”
If you have received this email, and want to ensure your privacy rights are respected, you can claim compensation with Keller Lenkner UK.
Who is to blame for the data breach?
How the cybercriminals managed to access the reservation system is still unknown. And the Ritz is continuing to investigate this breach of customer information.
However, in the majority of cases, online theft and extortion can only happen when an organisation fails to invest in proper security. And, if the Ritz failed to keep customer data safe, it must be held responsible.
Make a compensation claim following the Ritz hotel data breach
At Keller Lenkner UK, our expert data breach lawyers help people to make successful cybercrime claims against companies that have failed to protect their data from fraudsters and hackers.
Specialists in data breach law, we understand what it takes to make a successful data breach claim, regardless of the type of organisation involved.
How to protect yourself following the Ritz hotel data breach
To keep yourself safe after the Ritz hotel data breach, the Keller Lenkner UK expert data breach lawyers have provided some helpful advice.
- Contact your bank or credit card provider immediately if your financial data has been exposed
- Check all bills and emails for goods or services you have not ordered
- Check your bank account for unfamiliar transactions
- Alert your bank or credit card provider immediately if there is any suspicious activity
- Monitor your credit score for any unexpected dips
- Call Credit, Experian and Equifax to ensure credit isn’t taken out in your name
- Never provide your PIN or full password to anyone (even someone claiming to be from your bank)
- Never been pressured into moving money to another account for fraud reasons. A legitimate bank won’t ask you to do this.
- Follow the security instructions provided by the Ritz hotel
- Never automatically click on any suspicious links or downloads in emails or texts
- Don’t assume an email or phone call is authentic just because someone has your details
- Be careful who you trust – criminals often use scare tactics to try and trick you into revealing your security details
- Know that, even if you recognise a name or number, it might not be genuine
- Don’t be rushed or pressured into making a decision. A trustworthy organisation would never force you to make a financial transaction on the spot
- Never provide your full password, pin or security code to someone over the phone (or via message). If a bank believes a transaction has been fraudulent, they will not ask for this information to cancel the transaction
- Listen to your instincts and ask questions if something feels “off”
- Refuse requests for personal or financial information and stop discussions if you are at all unsure
- Contact your bank or financial service provider on a number you know and trust to check if a communication is genuine
- Be cautious of unsolicited communications that refer you to a web page asking for personal data
- Don’t accept friend requests from people you don’t know on social media
- Review your online privacy settings.
In this case, the hotel has said it will never phone customers asking for payment information to "confirm" a booking. So, if you receive a suspicious call, hang up and call the hotel back later - or from a different phone - using the number on the Ritz’s official website.
- Register with the Cifas protective registration service to slow down credit applications made in your name
- Change your passwords regularly and use a different password for every account (a password manager can help with this)
- Protect your devices with up to date internet security software.
MAKE A REPORT TO ACTION FRAUD
You should report suspected fraud attempts to the police and Action Fraud
MORE ABOUT ACTION FRAUD
Find out more about the reporting centre for fraud and cybercrime in England & Wales