Expert Comments

Experts comments on Ritz hotel targeted by scammers

Expert(s): Security Experts
Expert(s): Security Experts

Scammers are tricking the world’s most famous hotels customer to give up their credit card details. Ritz London posted several tweets on the discovery of an apparent breach of its food and beverage reservation system that “may have compromised some of our clients’ personal data,” and are now investigating the matter. The cybersecurity experts commented below on the danger of scam and what are the best strategies to overcome such attacks.

Experts Comments

August 18, 2020
Martin Jartelius
CSO
Outpost24
This is an interesting example of how seemingly trivial information can be used in ways we did not anticipate, the fact here is that an attacker by learning information you thought was entrusted only to a certain organisation uses the information to aid in committing fraud against the victims. It plays on both having this information as well as the ability to use a degree of social pressure as the information is needed to “help” the victim with their booking, so a victim not only feels the.....Read More
This is an interesting example of how seemingly trivial information can be used in ways we did not anticipate, the fact here is that an attacker by learning information you thought was entrusted only to a certain organisation uses the information to aid in committing fraud against the victims. It plays on both having this information as well as the ability to use a degree of social pressure as the information is needed to “help” the victim with their booking, so a victim not only feels the identity of the caller is established, they are in a socially uncomfortable situation of having to refuse information to someone only helping them out, which is awkward to most.  Read Less
August 17, 2020
Dan Panesar
Director UK & Ireland
Securonix
The Ritz Hotel is notifying customers that it’s food and beverage booking system has been compromised. Such a highly prestigious hotel will likely have some high profile clients information stored on this system. It’s not known how the data was accessed and details are still emerging. Although no credit card details seem to be included in the stolen data, hackers still have huge amounts of personal details, contact details, and of course the details of reservations. Fears must be that.....Read More
The Ritz Hotel is notifying customers that it’s food and beverage booking system has been compromised. Such a highly prestigious hotel will likely have some high profile clients information stored on this system. It’s not known how the data was accessed and details are still emerging. Although no credit card details seem to be included in the stolen data, hackers still have huge amounts of personal details, contact details, and of course the details of reservations. Fears must be that unsuspecting customers will be contacted by the hackers to “confirm” bookings and try to tempt customers to give over credit card details. Using this data in further cyberattacks is, unfortunately, becoming a reality as has been seen in a spate of recent spearphishing attacks. Spearphishing is the evolved concept of phishing campaigns (mass spam emails or phone calls ) that are tailored towards individuals. It uses personal information, or imitates somebody the individual trusts like someone claiming to be from the Ritz Hotel, for example.  Read Less
August 17, 2020
Stuart Reed
UK Director
Orange Cyberdefense
Yet again, another well-known brand is at the heart of a cyber attack involving customer data. It appears that social engineering has taken place on The Ritz diners using compromised details. The incident is a stark reminder to The Ritz, and indeed any organization that holds customer data, of the critical need for good data hygiene. The Ritz will undoubtedly be launching its own investigation and I expect it will be working closely with those impacted to resolve the situation. I also expect.....Read More
Yet again, another well-known brand is at the heart of a cyber attack involving customer data. It appears that social engineering has taken place on The Ritz diners using compromised details. The incident is a stark reminder to The Ritz, and indeed any organization that holds customer data, of the critical need for good data hygiene. The Ritz will undoubtedly be launching its own investigation and I expect it will be working closely with those impacted to resolve the situation. I also expect that they will share their findings with a wider audience as appropriate and as further details emerge. Whilst this may not be an example of a multi-million-pound breach, it shows again that data has a value and no one is immune to the attention of cybercriminals. It is therefore essential to have robust policies, procedures, and education, along with enabling technology, in place to mitigate risk and minimise impact when, not if, breaches occur. If in doubt, organisations should work with a trusted specialist to ensure all cybersecurity practices are appropriate to their organisation. In general, businesses and individuals should be very clear that if someone you don't know calls you and asks you for sensitive information, take their details and call them back on a trusted number. It is vital that you do not share personal information with anyone you cannot verify.  Read Less
August 17, 2020
Niamh Muldoon
Senior Director of Trust and Security EMEA
OneLogin
Cybercriminals are opportunists - once these individuals have gained access to information, they are likely to leverage this for financial gain. This information can often be used in social engineering tactics, be it phishing, smishing, fishing, etc. and the more information they have, the more convincing the attempt. Individuals should be vigilant at all times of any attempt to ascertain sensitive data such as banking information. If in doubt, contact the source directly.
August 17, 2020
Javvad Malik
Security Awareness Advocate
KnowBe4
Compromising systems are usually one half of any hack. The second part is knowing how to monetise the information. In many cases, information relating to individuals can be used to launch social engineering attacks against the victims. This can range from sending phishing emails, to physical mail, text messages, or phone calls. Because the criminals have access to sensitive information, they can sound very convincing and it can make it very difficult for people to identify it as fraudulent.....Read More
Compromising systems are usually one half of any hack. The second part is knowing how to monetise the information. In many cases, information relating to individuals can be used to launch social engineering attacks against the victims. This can range from sending phishing emails, to physical mail, text messages, or phone calls. Because the criminals have access to sensitive information, they can sound very convincing and it can make it very difficult for people to identify it as fraudulent activity. In today's connected world, it is far too easy for criminals to get personal information on individuals from any number of sources. Therefore, people should always be wary of any call claiming to be from their bank or trusted reseller and should refrain from giving financial or other sensitive information over calls that they have not initiated themselves. When in doubt, they should end the call, and phone the provider themselves using a known number.  Read Less

Submit Your Expert Comments

What do you think of the topic? Do you agree with expert(s) or share your expert opinion below.
Be part of our growing Information Security Expert Community (1000+), please register here.

Write Your Expert Comments *
Your Registered Email *
Notification Email (If different from your registered email)
* By using this form you agree with the storage and handling of your data by this web site.
SUBMIT

You may also like

Panasonic Becomes Latest Victim Of Data Breach – Security Expert...

Clearview’s £17 Million Fine For Processing 10+ Billion Images Is...

Booz Allen Report On CISOs And China Quantum Computing Risks,...

Experts Reactions On Sky Broadband Hack Warning

Ransomware Set To Break Records This Black Friday 2021

Security Expert On Apple Suing NSO Group

Meta Delays Plans To Rollout End-to-end Encryption

NCSC Issues Black Friday Warning To Tetailers

How The Zelle Fraud Scam Steals Your Bank Credentials

GoDaddy Data Breach Impacts Over A Million Users, Experts Reactions

Information Security Buzz (aka ISBuzz News) is an independent resource that provides the experts comments, analysis and opinion on the latest Information Security news and topics

Twitter Facebook-f Linkedin Youtube

Working With Us

The Pages

Our Contributing Experts