Travelodge has confirmed that a "small number" of customers have received a spam e-mail via a third party, but insists that no financial data is at risk.
But the company has not responded to requests for more details about the breach, including the exact number of customers affected.
News of the data breach emerged when the hotel chain sent a message to some online customers warning them to be on the look-out for spam e-mails.
"We have informed the Information Commissioner's Office of this issue and we are currently conducting a comprehensive investigation to see how this has happened," the company said in a statement.
According to Travelodge UK, the company conducts quarterly independent audits to ensure appropriate security controls are in place across all of its IT functions and systems.
"The most recent tests were undertaken just two weeks ago and we were given a clean bill of health for all of our IT functions, systems and databases," the company said.
Travelodge claims the data breach is limited to customer names and e-mail addresses and that no financial data has been accessed or compromised.
"All financial data held by us, including credit card information, is held on a standalone, off-site separate server. The data itself is encrypted and complies with current best practice standards and is annually audited to PCI [Payment Card Industry] requirements," the company said.
It has apologised to customers for the inconvenience caused, but says it is totally safe for customers to continue making online bookings.
"We are currently working around the clock to find out exactly how this has happened and we will continue to work diligently to protect our customers' personal information. We will update our customers as soon as we have more information to share," the statement concludes.