Travelodge leaks customer data in possible cyber attack

Budget hotel chain Travelodge has seen its customers subjected to phishing attacks in an apparent breach of its customer database.

The company warned potential victims of the attacks in a letter, which stated: "Our main priority is to ensure the security of our customer data, which is why I wanted to make you aware that a small number of you may have received a spam email via the email address you have registered with us."

Speaking to Computing, a Travelodge spokesperson claimed that no financial details had been breached. "All financial data held by us, including credit card information, is held on a standalone, off-site, separate server. The data itself is encrypted and complies with current best practice standards and is annually audited to PCI (Payment Card Industry) requirements."

The company stated on its Twitter feed that it had not sold customer records, meaning that the data breach is likely to have been the result of a cyber attack.

It added that the Information Commissioner's Office was informed of the breach yesterday under the hashtag 'travelbotch'.

Travelodge maintained that its security processes are adequate. "We routinely conduct quarterly independent audits to ensure appropriate security controls are in place across all of our IT functions and systems. The most recent tests were undertaken just two weeks ago and we were given a clean bill of health for all of our IT functions, systems and databases."

The phishing email takes the form of a letter apparently offering a job with a 'brilliant income activity'.

Travelodge advises its customers to delete the message as soon as it is received.

Recently, large companies such as Sony, Sega and secure token specialists RSA have lost data in cyber attacks.