CUSTOMER DATA

Scope of Best Western Customer Data Breach Open to Debate

Hackers may have stolen data on 8 million Best Western customers in Europe, or maybe it was fewer than a dozen. It's a question of magnitude, but a Scottish newspaper is standing by its claim that a massive data heist resulted from the breach of a reservations computer at one of the chain's German hotels.


Did a computer intrusion at a Best Western hotel in Germany open the door for a hacker to steal the records of 8 million customers and pull off "the greatest cyber-heist in world history," as a Scottish newspaper put it?

Or was the incident a far more minor affair, affecting only 10 customers at the one facility, as claimed by Best Western International?

The Phoenix-based hotel chain and the Sunday Herald newspaper of Scotland are duking it out over the paper's story on the data breach. Best Western calls the article "grossly unsubstantiated" and "largely erroneous."

Huge Discrepancy

The story said a hacker installed a malicious program on a computer used for reservations at a Best Western hotel, and used it to steal a database containing details on every customer who checked into any of Best Western's 1,312 European hotels since 2007.

The hacker then sold the database through an "underground network operated by the Russian mafia," the story claimed.

Best Western acknowledged that a hacker infiltrated the computer network of one of its hotels in Berlin and installed a data-stealing Trojan horse program on one of the machines.

But Best Western claims the breach was limited to the one hotel and said the hacker didn't have access to other facilities' networks. Best Western said just 10 customers were affected, adding that the FBI and other law enforcement agencies are investigating.

Standing Behind Story

The company said it purges guests' credit card and other data from its systems within seven days of their checkout.

That's a good security practice, but it's not necessarily enough to stop an attacker from stealing the data with a malicious program that grabs information as it is originally entered into the computer system.

Iain Bruce, who is the Sunday Herald's technology editor and the reporter who broke the story, told The Associated Press that the paper stands by the article.

He provided screen shots of what appeared to be Best Western's reservation system and personal details on one of the customers listed there. Though the screen shots show a tool that lets users search records dating back to 2007, it's unclear how much personal information such a search would yield.

Ten customers' names are listed on the screen shot, but the list appears to go on longer, off the screen.

Bruce did not immediately respond to further questions about where he got the screen shots or what proof he had that millions of customers' accounts were compromised.

On that count, Best Western's statement was firm: "There is no evidence of any unauthorized access to any other customer data."

© 2008 Associated Press. All rights reserved.
© 2008 ECT News Network. All rights reserved.
