/ Technology, Travel & Leisure

Did Travelodge make a bodge job of its data breach?

Email @ being hooked

Is it just me or is there a data breach every other day? The latest is Travelodge, with its communication on the issue leaving a lot to be desired – the email it sent out was more confusing than comforting.

The hotel chain sent out an email to customers last week, signed by its Chief Executive, which was mainly concerned with telling us how important the security of our data was to them.

Sandwiched in between these proclamations was the news that a small number of customers may have received a spam email to the address they’d registered with Travelodge.

Where’s the clarity?

It all sounded a bit vague to me. A ‘small number of customers’ – does that mean me or not? And ‘may have received a spam email’ – I get spam emails daily, so why is this an issue? Is this spam email pretending to be from Travelodge? The whole statement was incredibly vague.

Travelodge’s email then went on to assure customers that it had not sold any customer data and no financial information had been compromised. But it’d be understandable if this didn’t really put your mind at rest, as it really wasn’t clear what was going on.

Travelodge also used its Twitter feed to update everyone of the situation, using the hashtag #Travelbotch, which gave the impression that it was perhaps taking a too light-hearted approach to the issue. This may not be quite so funny if you’re one of the customers who had their email address taken without permission. I’m all for companies using social networks to keep customers informed, but it has to be appropriate.

It all comes out…

Now, one of my colleague’s received Travelodge’s original email. She didn’t feel it was particularly enlightening and decided to get back to Travelodge to see if it could clarify the situation. It sent her through another statement, which gave a little bit more away:

‘We can confirm that it would appear that a third party has managed to obtain customer names and email addresses. No financial data has been accessed or compromised.’

Travelodge also said it had informed the Information Commissioner’s Office and had begun conducting an investigation into how this data leak happened.

Why couldn’t all of this been made much clearer in the original email? You shouldn’t have to chase a company to get the full story. Rather than simply saying ‘you may have received a spam email’, why didn’t it admit that a third party had got hold of customers’ emails and apologised for this fact?

As we’ve said before, apologetic emails don’t make up for losing our personal data – but sending an email that doesn’t even admit to the data breach is even worse.

Comments
Profile photo of redkite
Member

For the reasons set out above (and others), if I want to buy something I research it in the internet and then order it by phone where possible, explaining why to the vendor. They invariably say that I’m far from being the only one who does this, and quite understand why.

To date my security has not been breached since I started using this method.

Member
Kate says:
5 July 2011

I have been purchasing and banking regularly on line for 12+ years and have never had a security problem. Maybe I have just been lucky, but I take online security very seriously. As far as I’m concerned you are just as vulnerable giving card details over the telephone. I use Travel Lodge but have not had an e mail. No point getting paranoid over it and I hope by now I can recognise a dodgy e mail when I see one.

Member
Tim says:
9 July 2011

Ordering by phone will make little difference. Almost always the company just inputs it into their online system anyway.

Member
Lorraine Garrod says:
26 October 2011

Forget about personal data being leaked over the internet. My daughter and I stayed at a Travel lodge – we did not tell anyone we were there and the receptionist banged on the door stating my daughters father was downstairs (who happened to have died last December). An ex partner of mine was able to receive information from the receptionist that my daughter and I were at the hotel. Have been declined a refund (we left the hotel the same night as we did not feel safe). I am seeking legal advice at the moment.

[Hi, we’ve edited out the location of the hotel for legal reasons. Thanks, mods]