14 DAY TRIAL // UK budget hotel chain Travelodge has confirmed that its email marketing database was breached earlier this year resulting in spam being sent to a number of its customers.
The company launched an investigation back in June after multiple customers reported receiving job spam on addresses they registered with the hotel chain.
From the start Travelodge denied that it sold its customer database to a recruitment firm, one of the possibilities advanced by affected users.
According to a statement recently sent to a customer and published in full by The Register, the spam was the result of the company's marketing database being hacked into.
"[...] We have been the unfortunate victims of a malicious attack because of the vindictive actions of one individual, who had access to an unencrypted section of our marketing database," the company writes.
It's not clear if this individual was a disgruntled employee, an unsatisfied customer, or another person with more complex reasons.
The company stressed that no financial data was accessed or compromised because it is stored on an off-site server in encrypted form. Also, no other information except for email addresses and names was exposed.
"A small number of customers' names and email addresses were stolen, and these were used for the spam email. We can also confirm that no home or business address details were taken," the company says.
The company notes that it hired independent experts to assess the security of its infrastructure and its policies. While these have been found to be strong, the firm plans to also start encrypting customer names and email addresses in the future.
People are advised not to respond to unsolicited job offers received via email or if they want to do so, they are encouraged to perform thorough background checks of the companies making the offers. Cyber criminals are known to recruit money mules by offering them jobs as account managers for foreign companies.