Ritz London clients scammed after apparent data breach
Armed with personal data stolen from the hotel's dining reservation system, fraudsters trick guests into handing over their credit card details
The Ritz London has launched an investigation into a potential data breach that affected its food and beverage reservation system. The information stolen in the breach seems to have been used by fraudsters to worm their way into the wallets of the hotel’s clients.
In a series of tweets shared over the weekend, the luxury hotel confirmed that it was made aware of the potential breach on August 12th, adding that the compromised data did not include any credit card or payment details. The hotel went on to notify all of its affected customers as well as the authorities about the breach while it investigates the incident further.
Even though, according to the hotel, no payment information was compromised, it seems that the cybercriminals behind the attack were after just that. According to the BBC, the miscreants leveraged the information obtained from the breach to pull off a very convincing social engineering attack. To make their ruse even more believable, they also spoofed the hotel’s official number.
Posing as hotel staff, the scammers contacted clients who had made restaurant reservations at the Ritz, asking them to “confirm” their bookings by disclosing their payment card details. One of the victims speaking to the BBC confirmed that she was contacted a day before her reservation.
The fraudsters claimed that her card was declined and requested that she provide an alternative bank card. Once they were able to obtain the information, the ne’er-do-wells went on to rack up charges of over £1,000 (some US$1,300) at Argos, a catalog retailer.
When the suspicious transactions were flagged by the victim’s bank, the cybercriminals contacted her again. However, this time they pretended to be from her bank and tried to deceive her into disclosing the security code she’d received, stating they needed it to cancel the transaction, while the code would have, in fact, authorized it.
The Ritz is just the most recent addition to the list of hotels that have fallen victim to similar incidents. Last summer, MGM Resorts suffered a breach that affected 142 million of its former guests. Hotel giant Marriott, meanwhile, was hacked twice in a span of two years.