A hacker attack on a database used for the loyalty programs of several leading hotel groups has leaked the names and email addresses of business travellers who stay at Hilton, Marriott and Ritz-Carlton hotels.
US marketing firm Epsilon, which counts all three hotel groups among its top-tier list of clients, says a breach of its computer system has led to “Epsilon clients’ customer data” being “exposed by an unauthorized entry into Epsilon's email system.”
The company stresses that “the information that was obtained was limited to email addresses and/or customer names only. A rigorous assessment determined that no other personal identifiable information associated with those names was at risk.”
Members of Hilton’s Honours (or Hhonors) loyalty program, Marriott Rewards and Ritz-Carlton Rewards programs are all warned to expect an increase in potential email scams.
They should be especially wary of targetted ‘phishing attacks’ created by knowing a target’s name, email address and that they have a relationship with a particular loyalty program.
This can result in carefully crafted emails which seem legitimate but can trick the recipient into revealing more sensitive information such as account numbers and passwords.
Both Hilton and Marriott have assured customers that the attack has not revealed “sensitive customer information such as physical addresses, point balances, account logins and passwords, credit card information or other personal data.”
“The files accessed did not include any customer financial information” Hilton told customers in an email. “The most likely impact, if any, would be receipt of unwanted e-mails.”
Other high-profile Epsilon clients whose customer rosters were exposed during the attack include Barclays Bank, Citibank and US Bank; Tivo; Lacoste, Target and Best Buy.