Whitbread's online recruitment system has suffered a data breach, affecting a number of the company's brands including Premier Inn, and the UK outlets of Costa Coffee.
The company that manages the system on its behalf, PageUp, stored information submitted to Whitbread by prospective or current employees.
In an email on Monday, Whitbread said “there is a possibility” that any data submitted in the course of recruitment “may have been accessed and could potentially (in combination with other information) be used for identity theft”.
Whitbread, listed in London, has more than 50,000 employees in the UK across its brands and said PageUp advised it that they weren’t aware of any fraudulent activity relating to the data it holds on its systems.
The company controls Costa Coffee in the UK, but this retail business in the Republic is run by MBCC Foods, which acquired the franchise rights from Whitbread in 2005.
The only Whitbread operation in the Republic is a Premier Inn outlet serving Dublin Airport. In Northern Ireland, Whitbread controls seven Premier Inns and about 20 Costa Coffee outlets.
“At Whitbread we take protecting your data very seriously and we are very sorry that this has happened,” the email said.
“We choose our partner organisations very carefully and take every possible step to ensure your data is always kept secure. We value all our job applicants and we want to repeat that we are very sorry that this has happened.”
In its email, Whitbread said contact details, biographical details and employment details, among others, were affected in the data breach.
It advised people to change the password they used if it was the same as on other online services.
In terms of its response, Whitbread said it suspended the use of PageUp as soon as it became aware of the incident and prevented current applicants from uploading their data into the system.