Ritz Food and Beverage Customers Contacted by Scammers
The Ritz London has reported a data breach involving their restaurant customers’ information. It includes customer contact information along with hotel dining reservation details. The fraudsters are using the data to contact Ritz customers and steal their payment cards.
The stolen data was taken from the Ritz’s ‘Food and Beverage Reservation System.’ It is still unknown how the fraudsters acquired the data.
The Ritz London is a luxury hotel that is famous across the globe for its opulence, high teas, and Louis XVI style.
Ritz Fraudsters Call Customers
The scammers are using the contact information in the reservation system to telephone guests who have restaurant reservations at the Ritz. During the phone calls, the scammers impersonate hotel staff and tell the customers that they need to confirm their dining reservations with a payment card. The calls spoof caller ID and appear to come from a real Ritz London phone number.
The Ritz confirmed that it was “aware of a potential data breach within our food and beverage reservation system, which may have compromised some of our clients’ personal data.”
Caller ID Spoofing
Customers who have high tea and restaurant reservations have been contacted directly by the fraudsters via phone calls. Several customers have reported that the scammers have telephoned them asking for credit card numbers to confirm their dining reservations. The calls are rather convincing because the caller ID is spoofed and the fraudster knows the correct details of the restaurant booking, according to a BBC report.
Spoofing caller ID is easy and can be accomplished with cheap hardware purchased online.
If the victim is fooled by this rather persuasive scheme, the fraudsters attempt to run up credit card charges at online shops. One customer reported that the fraudsters had contacted her not once, but twice, to get a second payment card. Her bank detected the fraudulent charges and blocked the first card. The scammer called a second time, posing as a bank employee, telling her that her card had been declined. She was asked to read the two-factor authentication (2FA) security code that had been sent to her phone.
The Ritz London tweeted on Saturday, 15 August to confirm the data breach on 12 August. “We can confirm that on 12th August 2020, we were aware of a potential data breach within our food and beverage reservation system, which may have compromised some of our clients’ personal data. This does not include any credit card details or payment information. We immediately launched an investigation to identify the cause of the breach, which is ongoing, to find out what happened, how it happened and to prevent this from happening again. We have contacted all of our clients whose data may have been compromised and alerted the Information Commissioner’s Office of the incident.”
It’s unclear if the hotel’s IT network or reservation systems have been infected with malware.
Ritz Customers Notified
The Ritz told the BBC that it has already emailed all customers who are potentially affected by the data breach. “After a reservation has been made at the Ritz London, our team will never contact you by telephone to request credit card details to confirm your booking with us,” warns the email to customers.
The company stated that it has informed the U.K.’s Information Commissioner’s Office (ICO) of the suspected breach. Under the General Data Protection Regulation (GDPR), the company has 72 hours from when it becomes aware of a data breach to inform the ICO.