Is it just me or is there a data breach every other day? The latest is Travelodge, with its communication on the issue leaving a lot to be desired – the email it sent out was more confusing than comforting.
The hotel chain sent out an email to customers last week, signed by its Chief Executive, which was mainly concerned with telling us how important the security of our data was to them.
Sandwiched in between these proclamations was the news that a small number of customers may have received a spam email to the address they’d registered with Travelodge.
Where’s the clarity?
It all sounded a bit vague to me. A ‘small number of customers’ – does that mean me or not? And ‘may have received a spam email’ – I get spam emails daily, so why is this an issue? Is this spam email pretending to be from Travelodge? The whole statement was incredibly vague.
Travelodge’s email then went on to assure customers that it had not sold any customer data and no financial information had been compromised. But it’d be understandable if this didn’t really put your mind at rest, as it really wasn’t clear what was going on.
Travelodge also used its Twitter feed to update everyone of the situation, using the hashtag #Travelbotch, which gave the impression that it was perhaps taking a too light-hearted approach to the issue. This may not be quite so funny if you’re one of the customers who had their email address taken without permission. I’m all for companies using social networks to keep customers informed, but it has to be appropriate.
It all comes out…
Now, one of my colleague’s received Travelodge’s original email. She didn’t feel it was particularly enlightening and decided to get back to Travelodge to see if it could clarify the situation. It sent her through another statement, which gave a little bit more away:
‘We can confirm that it would appear that a third party has managed to obtain customer names and email addresses. No financial data has been accessed or compromised.’
Travelodge also said it had informed the Information Commissioner’s Office and had begun conducting an investigation into how this data leak happened.
Why couldn’t all of this been made much clearer in the original email? You shouldn’t have to chase a company to get the full story. Rather than simply saying ‘you may have received a spam email’, why didn’t it admit that a third party had got hold of customers’ emails and apologised for this fact?
As we’ve said before, apologetic emails don’t make up for losing our personal data – but sending an email that doesn’t even admit to the data breach is even worse.