The Ritz Hotel in London has launched an investigation into a data breach in which fraudsters may have posed as staff members to steal credit card data.
In a series of messages posted on Twitter on August 15, the luxury hotel chain Ritz said that on August 12, the company was informed of "possible data breaches in the food and beverage booking system".
Ritz London added that this may have led to a breach of "certain personal data of our customers".
While the hotel said the security incident did not contain credit card information or payment information, the leaked data may have been used in a fraud social engineering designed to steal more valuable finances information - directly from the source.
According to the BBC, the scammers called the holders of Ritz restaurant reservations with the "exact" details of their reservations, at the same time asking for the confirmation of their payment card details.
The scammers, who pretended to be Ritz employees, used "call ID spoofing" to show that they were from the hotel.
A visitor said a scammer called him the day before he was due to visit the Ritz for afternoon tea. After asking to "confirm" his details, the scammer said his card had been rejected and then asked for a second payment card.
The scammer then attempted to make a series of trades in excess of £ 1000 from Argos.
However, the guest bank spotted the weird payments. Maybe knowing it was possible, the scammer called again - but this time, he pretended to be from his bank to get the three-digit code security from the back of the payment card, which would allow future transactions.
Another woman told the BBC that she had been used tactic, but turned down the call because the scammer on the other end of the line could not provide details about the hotel - things he should have known if he was a real hotel employee.
"We immediately launched an investigation to determine the cause of the breach, which is ongoing, to find out what happened and how and to be able to prevent this from happening again," said the hotel chain.