FYI: Revealed: 8 million victims in the world's biggest cyberheist [Best Western Hotel group]

Richard Clayton ukcrypto at chiark.greenend.org.uk
Mon, 25 Aug 2008 04:19:48 +0100


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

In article <1271593833.20080824144026@originalthinktank.org.uk>, Chris
Salter <ukcrypto@originalthinktank.org.uk> writes

>sundayherald | Revealed: 8 million victims in the world's biggest
>cyber heist.
>August 24, 2008.
>
>EXCLUSIVE: Sunday Herald uncovers theft of data from every guest in
>1300 Best Western Hotels in past 12 months

they're denying it!

there's a press release out, eg here:

<URL:http://www.businesswire.com/portal/site/google/?ndmViewId=news_view&newsId=20080824005028&newsLang=en>

   The story printed in the Sunday, August 24, 2008, Glasgow Sunday
   Herald claiming a security breach of Best Western guest information
   is grossly unsubstantiated. Claims reported about our Central
   Reservations customer records are not accurate. We at Best Western
   take the confidentiality of our customers' personal information very
   seriously. The Sunday Herald reporter brought to our attention the
   possible compromise of a select portion of data at a single hotel; we
   investigated immediately and provided commentary. Best Western would
   have welcomed the opportunity to fact-check the story, which would
   have resulted in more accurate and credible reporting on the part of
   the newspaper. We have found no evidence to support the sensational
   claims ultimately made by the reporter and newspaper. 

   Most importantly, whereas the reporter asserted the recent compromise
   of data for past guests from as far back as 2007, Best Western purges
   all online reservations promptly upon guest departure. 

... etc (the rest being motherhood and apple pie)


there's a running commentary in Information Week:

<URL:http://www.informationweek.com/blog/main/archives/2008/08/update_best_wes.html>

which comes down to saying that motherhood and apple pie is all very
well, but it may be too early to be sure about the nature of the attack.

the front page of the UK site is a bit more circumspect than the Press
Release:

http://www.bestwestern.co.uk/

   Best Western were notified of a security breach to its data systems
   on Friday afternoon and responded by closing this breach immediately.
   We are carrying out further investigations to ensure that all
   relevant procedural standards are met, and that the interests of our
   guests are protected. We do not believe the security breach has
   impacted GB customers but further investigations continue. We would
   like to offer reassurance to customers that all measures are taken to
   protect customer information and that Best Western takes any attack
   on this very seriously. 

- -- 
richard                                              Richard Clayton

They that can give up essential liberty to obtain a little temporary
safety deserve neither liberty nor safety.         Benjamin Franklin

-----BEGIN PGP SIGNATURE-----
Version: PGPsdk version 1.7.1

iQA/AwUBSLIk1JoAxkTY1oPiEQLuzQCfV3rTK2w4b8SUeCPwpqARjZ9gdM4AnRXT
3wxQdVYe2C6ovEO1Z0rvYmA5
=2NaV
-----END PGP SIGNATURE-----