The Ritz is no ordinary five-star hotel. Known the world over as one of the most prestigious places to stay when in London, putting on the Ritz has led to the word itself, ritzy, entering the English language for something luxuriously elegant.
Dining at the Ritz is undoubtedly just that, and afternoon tea has become something of a British institution. An institution that has been targeted by hackers who have scammed customers for payment card details after a "potential data breach" within the hotel's food and beverage reservation system.
Ritz hotel diners targeted
As initially reported by the BBC, credit card scammers have been contacting people with restaurant reservations at the Ritz. The hackers appear to know the precise details of those restaurant bookings, which has made it even more convincing when they pose as hotel staff and tell victims they need to confirm their booking by providing card details again.
That the phone calls also appear to come from the actual telephone number associated with the Ritz makes for a very sophisticated scam indeed.
Tweeting from the Ritz
The Ritz took to Twitter on Saturday, August 15, to confirm that a data breach may have "compromised some of our clients' personal data."
The Ritz confirms potential data breach
Currently, it is not known how many people have been affected by this breach. I reached out to the Ritz for a statement regarding the incident, and a spokesperson told me:
"We can confirm that on 12th August 2020, we were aware of a potential data breach within our food and beverage reservation system, which may have compromised some of our clients' personal data. This does not include any credit card details or payment information. We immediately launched an investigation to identify the cause of the breach, which is ongoing, to find out what happened, how it happened and to prevent this from happening again. We have contacted all of our clients whose data may have been compromised and alerted the Information Commissioner's Office of the incident."
It is very early in the investigation and, no doubt, more information will become available as this progresses.
Ritz diners warned to be alert to spear-phishing threat
Meanwhile, Dan Panesar, a director at security incident response specialists Securonix, said, "Such a highly prestigious hotel will likely have some high profile clients information stored on this system. Although no credit card details seem to be included in the stolen data, hackers still have huge amounts of personal details, contact details and, of course, the details of reservations."
The risk extends beyond the initial credit card scam, of course, as Panesar points out. "Using this data in further cyberattacks is, unfortunately, becoming a reality as has been seen in a spate of recent spear-phishing attacks." Unlike less-focused phishing attacks, spear-phishing is highly customized towards an individual or business, and all the more likely to succeed because of it.