Serviceteam IT Security News

Armed with personal data stolen from the hotel’s dining reservation system, fraudsters trick guests into handing over their credit card details

The Ritz London has launched an investigation into a potential data breach that affected its food and beverage reservation system. The information stolen in the breach seems to have been used by fraudsters to worm their way into the wallets of the hotel’s clients.

In a series of tweets shared over the weekend, the luxury hotel confirmed that it was made aware of the potential breach on August 12th, adding that the compromised data did not include any credit card or payment details. The hotel went on to notify all of its affected customers as well as the authorities about the breach while it investigates the incident further.

Even though no payment information was compromised according to the hotel, it seems that the cybercriminals behind the attack were after just that. According to the BBC, the miscreants leveraged the information obtained from the breach to pull off a very convincing social engineering attack. To make their ruse even more believable, they also spoofed the hotel’s official number.

Posing as hotel staff, the scammers contacted clients who had made restaurant reservations at the Ritz, asking them to “confirm” their bookings by disclosing their payment card details. One of the victims speaking to the BBC confirmed that she was contacted a day before her reservation.

RELATED READING: 5 things you need to know about social engineering

The fraudsters claimed that her card was declined and requested that she provide an alternative bank card. Once they were able to obtain the information, the ne’er-do-wells went on to rack up charges of over £1,000 (some US$1,300) at Argos, a catalog retailer.

When the suspicious transactions were flagged by the victim’s bank, the cybercriminals contacted her again. However, this time they pretended to be from her bank and tried to deceive her into disclosing the security code she’d received, stating they need it to cancel the transaction, while the code would have, in fact, authorized it.

The Ritz is just the most recent addition to the list of hotels that have fallen victim to similar incidents. Last summer, MGM Resorts suffered a breach that affected 142 million of its former guests. Hotel giant Marriott, meanwhile, was hacked twice in a span of two years.

Source: HERE

With over 20 years of experience, Serviceteam IT design and deliver sophisticated connectivity, communication, continuity, and cloud services, for organisations that need to stay connected 24/7. We take the time to fully understand your current challenges, and provide a solution that gives you a clear understanding of what you are purchasing and the benefits it will bring you.

To find out how we can help you, call us on 0121 468 0101, use the Contact Us form, or why not drop in and visit us at 49 Frederick Road, Edgbaston, Birmingham, B15 1HN.

We’d love to hear from you!