Click on a label to read posts from that part of the world.
Best Western (Europe) becomes the victim of the largest data theft in the world (UPDATED)
The European operation of the Best Western hotel chain has become the victim of a massive cyber-theft attack. By placing a "keylogger" on a corporate computer connected to their reservations system, a whopping 8 million customer records were stolen. Included in the records are names, address, phone number, credit card numbers and employment information.The records were stored for every single customer who stayed at one of 1300 European Best Western hotels since 2007. The Sunday Herald reports that the theft was carried out by an Indian hacker, who then put the information up for sale on an underground web site, operated by the Russian Mafia. The entire story sound like it was copied right out of a spy novel.
The whole thing is extremely embarrassing for Best Western, who have handed control of their European computer operations over to their American colleagues. According to a UK based Best Western spokesperson, the company is "taking appropriate action". Of course, none of this will be of any use to people who have lost their information, and credit card companies might have no other option than to issue millions of new cards to victims of this theft.
If you stayed at a Best Western hotel in Europe in the past year, you may want to contact your credit card provider, and keep a close eye out for trasnactions you did not approve.
Source: Sunday Herald (via Slashdot), Image from Flickr.
UPDATE: Best Western have conducted an internal investigation and "found no evidence of 8 million stolen records" (PDF file). I'm sure time will tell whether this was all all elaborate hoax by an amateur hacker.
Filed under: News
Reader Comments (Page 1 of 1)
Benjamin Wright Aug 25th 2008 3:48PM
Scott: Best Western now says only a handful of records were compromised, not millions. Data security investigations are complex, and they require patience. As we learned from the TJX experience, it is easy for the press and for authorities to over-react. --Ben http://legal-beagle.typepad.com/wrights_legal_beagle/2008/08/credit-card-iss.html
Scott Carmichael Aug 25th 2008 4:17PM
Thanks Benjamin. I have updated the article. I agree that the "media" will tend to exaggerate these articles, but when it comes to data security I've seen too many cases where data theft happened, and the company initially ignored the risks. In this specific case, I am happy Best Western took matters serious and conducted their own investigation.
R Phillips Aug 25th 2008 9:51PM
Whew! That scared me. Fortunately we've never been in Europe. Only stayed in Best Western here in the US.