follow-up: Travelodge blames 'vindictive individual' for email database breach

[security curmudgeon <jericho () attrition org>]

http://www.theregister.co.uk/2011/08/05/travelodge_email_snafu/

Travelodge blames 'vindictive individual' for email database breach
Hacker or disaffected worker mystery remains
By John Leyden
Posted in Spam, 5th August 2011 09:08 GMT

Travelodge UK has confirmed that a customer database security breach was 
behind the recent run of spam emails to its customers.

Customers complained in June after receiving spam messages punting 
suspicious-looking "work-at-home opportunities" to email addresses they 
only ever used to make reservations with the hotel chain. Travelodge 
admitted the incident, which it has repeatedly assured clients did not 
involve personal financial information. It promised to bolster its 
security, as well as referring the matter to data privacy watchdogs at the 
Information Commissioner's Office (ICO).

Travelodge assured customers at the time that it had not sold on its 
customer details, which left the possibility that the exposed email list 
has either been leaked or that the relevant database had been hacked. Reg 
reader Jeff, one of those exposed to the Travelodge spam, pressed the 
hotel chain for a fuller explanation, minus the corporate marketing speak. 
Jeff forwarded copies of a second work-at-home spam email, sent in 
mid-July, with his query.

[..]
_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://datalossdb.org/mailing_list

Learn encryption strategies that manage risk and shore up compliance.
Download Article 1 of CREDANT Technologies' The Essentials Series:
Endpoint Data Encryption That Actually Works
http://credant.com/campaigns/realtime2/gap-LP1/