Ritz hotel data breach. What should you do if your data was stolen?

Kristi Blokhin / Shutterstock.com The Ritz Hotel sign, London, UK

The Ritz hotel in London is the latest business to be targeted by data scammers. In the high-profile privacy scandal, the hotel’s food and beverage reservation system was breached by cybercriminals.  The Ritz has confirmed that it became aware of the potential breach on August 12th. But what do we know about the Ritz data breach so far? 

While no credit card or payment details were compromised in the initial attack, scammers have since used the stolen data – which included telephone numbers – to contact guests. They have then tried to trick them into “confirming their payment card details” by claiming that deposits had been declined.

In this convincing phone-based identity fraud attack, the scammers even spoofed the hotel’s official number to make their con believable. And they knew when the guests’ reservations were due to take place.

Highlighting how sophisticated this attack was, some guests have shared how the scammer contacted them again – this time pretending to be from their banks. After trying to make several large fraudulent purchases, the scammer told the guests that to cancel suspicious transactions, they should read out the security code sent to their mobile phones. This would actually have authorised the payments.

The Ritz is just the latest hotel to fall victim to a cybersecurity incident. In 2018, a huge data breach put 339 million Marriott International customers at risk. And, while you think the hotel giant would have learned its lesson, in 2020 Marriott confirmed that it had suffered another data breach – this time involving the personal information of 5.2 million guests.

Who has been affected by the Ritz hotel data breach?


At the moment, it looks like there are two potential groups affected by the Ritz hotel data breach.

  • Guests who have had their data stolen
  • Guests who have had their data stolen and who have also been targeted by scammers.

The Ritz has emailed at-risk customers and has warned them that: 

“After a reservation has been made at the Ritz London, our team will never contact you by telephone to request credit card details to confirm your booking with us.”

If you have received this email, and want to ensure your privacy rights are respected, you can claim compensation with Keller Postman UK.

Who is to blame for the data breach?



How the cybercriminals managed to access the reservation system is still unknown. And the Ritz is continuing to investigate this breach of customer information.

However, in the majority of cases, online theft and extortion can only happen when an organisation fails to invest in proper security. And, if the Ritz failed to keep customer data safe, it must be held responsible.


Share this article: