A data breach at RedCat Pub Company (affecting the Wherry Hotel in Oulton Broad) exposed customer details, including those of Marie Blowers, who later received a fraudulent WhatsApp message impersonating hotel staff. The scam requested her bank details under the guise of a 'standard security check,' threatening booking cancellation if unfulfilled. The breach was confirmed by the company, which admitted unauthorized access to limited customer data stored on a third-party system. However, affected individuals, including elderly and vulnerable customers like Ms. Blowers, were not promptly notified, with some only learning of the incident a month later through family intervention. The delay in communication heightened anxiety and left customers exposed to phishing attempts exploiting the leaked data. While the company claimed to have contacted customers via available channels, many, including Ms. Blowers, never received direct notification. The breach enabled scammers to target victims with tailored fraud schemes, leveraging trust in the hotel’s brand.
Source: https://www.lowestoftjournal.co.uk/news/25491160.lowestoft-woman-not-told-redcat-pub-data-breach/
TPRM report: https://www.rankiteo.com/company/redcat-pubs
"id": "red0803308092725",
"linkid": "redcat-pubs",
"type": "Breach",
"date": "9/2025",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"
{'affected_entities': [{'customers_affected': 'Multiple (including Marie '
'Blowers; exact number '
'undisclosed)',
'industry': 'Leisure and Hospitality',
'location': 'Oulton Broad, Lowestoft, UK',
'name': 'Wherry Hotel (RedCat Pub Company)',
'type': 'Hospitality (Pub/Hotel)'}],
'attack_vector': ['Third-Party System Compromise', 'Phishing (WhatsApp Scam)'],
'customer_advisories': 'Delayed and incomplete (per affected customer Marie '
'Blowers and her son Lee Blowers)',
'data_breach': {'data_exfiltration': 'Yes (limited customer data accessed)',
'personally_identifiable_information': ['Names',
'Contact Information '
'(likely phone '
'numbers)'],
'sensitivity_of_data': 'Moderate (sufficient for targeted '
'phishing)',
'type_of_data_compromised': ['Customer Contact Details',
'Booking Information']},
'date_detected': '2023-07-31',
'date_publicly_disclosed': '2023-08-31',
'description': 'A data breach at the Wherry Hotel, part of RedCat Pub '
'Company, resulted in unauthorized access to limited customer '
'data stored on a third-party system. This led to scam '
'messages being sent to affected customers, including Marie '
'Blowers, who received a fraudulent WhatsApp message '
"requesting her bank details under the guise of a 'standard "
"security check.' The breach was not promptly disclosed to all "
'affected individuals, causing distress, particularly among '
'elderly and vulnerable customers. The company claimed to have '
'contacted customers through available channels and notified '
'relevant authorities upon discovering the incident in late '
'July.',
'impact': {'brand_reputation_impact': 'Negative publicity due to mishandling '
'of breach notification, particularly '
'for vulnerable customers',
'customer_complaints': 'Criticism from Lee Blowers (son of '
'affected customer) regarding delayed '
'notification and lack of direct contact',
'data_compromised': ['Customer Contact Details',
'Booking Information'],
'identity_theft_risk': 'High (scam messages requested bank '
'details)',
'operational_impact': 'Customer trust erosion, increased anxiety '
'among affected individuals (e.g., Marie '
'Blowers)',
'payment_information_risk': 'High (scam targeted card '
'verification)',
'systems_affected': ['Third-Party System']},
'initial_access_broker': {'entry_point': 'Third-party system storing customer '
'data',
'high_value_targets': ['Customer Booking Data']},
'investigation_status': 'Closed (per company statement, issue resolved)',
'motivation': ['Financial Gain (Scam)', 'Data Theft'],
'post_incident_analysis': {'root_causes': ['Inadequate third-party system '
'security',
'Delayed or incomplete customer '
'notification']},
'references': [{'source': 'Local newspaper article (title unspecified)'}],
'regulatory_compliance': {'regulatory_notifications': 'Relevant authorities '
'notified '
'(unspecified)'},
'response': {'communication_strategy': ['Efforts to contact customers via '
'available channels (claimed '
'incomplete)',
'Public statement via spokesperson'],
'containment_measures': 'Unspecified actions to resolve the '
'issue',
'incident_response_plan_activated': 'Yes (claimed by RedCat Pub '
'Company)',
'law_enforcement_notified': 'Yes (relevant authorities '
'contacted)'},
'title': 'Data Breach at Wherry Hotel (RedCat Pub Company) Leading to '
'Phishing Scams',
'type': ['Data Breach', 'Phishing/Social Engineering'],
'vulnerability_exploited': 'Unauthorized access to third-party system storing '
'customer data'}