Travelodge customer data stolen Published duration 24 June 2011

image caption Travelodge invites customers to register on its website for special deals and online booking

Travelodge is investigating an apparent hacking attack on its customer database.

A spokesperson for the hotel chain said that a "third party" had managed to obtain names and e-mail addresses.

The company warned users of its online service to be on the lookout for spam e-mails.

The incident has been reported to the UK's information commissioner who can fine businesses for poor data protection.

A letter to customers , signed by the Travelodge's chief executive Guy Parsons, contained little information about the nature of the leak, although it stressed that the company had not sold users' personal data to anyone else.

It also included details of a spam e-mail that some customers had received.

"Good day. Don't miss exciting career opening. The company is seeking for self-motivated people in United Kingdom to help us spread out our activity in the UK area," said the message.

A spokesperson for the information commissioner Christopher Graham, said that he was looking into the Travelodge reports.

"We will be making enquiries into the circumstances of the alleged breach of the Data Protection Act before deciding what action, if any, needs to be taken," said the statement.

The ICO has the power to levy fines of up to £500,000 on companies or organisations which are shown to have failed to protect personal information entrusted to them.

Phishing trip

Stealing names and e-mail addresses is a favoured tactic of cyber criminals, who use the information to send "phishing" messages to the affected customers.

In many cases, they pose as the company that the data was stolen from in the first place.

Typically, recipients are asked to click on a link that will infect their computer with malicious software. Alternatively, the criminals may solicit financial information directly.

Security experts advise users to pay close attention to the address where an e-mail is sent from and the web URL of any links it contains.

Even when these look genuine, people should avoid handing over secure information in response to unsolicited messages.