Travelodge customers spammed after email breach

Hotel chain Travelodge is warning its customers that email addresses registered with the company may have been compromised and used to send them spam.

In an statement to customers on Thursday, which conspicuously avoids mention of a hack, chief executive of the chain, Guy Parsons, revealed that "a small number of you may have received a spam email via the email address you have registered with us".

"Please be assured, we have not sold any customer data and no financial information has been compromised," he added.

"All financial data (including credit card information) is compliant with current best practice standards and is audited to PCI [Payment Card Industry] requirements."

The firm has informed the Information Commissioner's Office and is "conducting a comprehensive investigation into this issue".

News of the data breach first surfaced on Wednesday after several Travelodge consumers complained to the company that they had received the spam messages, which encourages recipients to reply to an "exciting profession opportunity".

While not as serious as many of the big name hacks in recent weeks, the incident again highlights the increasing care organisations have to take around securing their customer details, or risk a flood of bad publicity and potential reputational damage.

Ash Patel, UK country manager for security firm Stonesoft, argued that even with just their email details stolen, customers may still be at risk.

"Despite the fact that the Travelodge is reassuring its customers that hackers didn't steal any financial data and that they only managed to get away with names and emails addresses doesn't make this any better," he said.

"The hackers could now use the information they have obtained and target the customers with phishing emails and obtain such things as bank details by persuading them to open a malicious attachment which may then install malware or Trojans on to their PC."