FYI: Revealed: 8 million victims in the world's biggest cyberheist [Best Western Hotel group]
Wendy M. Grossman
ukcrypto at chiark.greenend.org.uk
Mon, 25 Aug 2008 11:46:49 +0100
Well, BW may deny it - and they may be right. Otoh, last night I
discovered that Amex sent me email saying there'd been some weird
charges on my account and asking me to call. And my card had indeed been
cloned in some way (the thief downloaded some games and - probably
unfortunately for him - bought some flowers for delivery to an address
in Florida). I've always used Amex a lot both online and off and never
had this happen before - and I did stay in a BW last September. Not
enough evidence to presume a link, but the timing is interesting
nonetheless.
wg
Richard Clayton wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> In article <1271593833.20080824144026@originalthinktank.org.uk>, Chris
> Salter <ukcrypto@originalthinktank.org.uk> writes
>
>> sundayherald | Revealed: 8 million victims in the world's biggest
>> cyber heist.
>> August 24, 2008.
>>
>> EXCLUSIVE: Sunday Herald uncovers theft of data from every guest in
>> 1300 Best Western Hotels in past 12 months
>
> they're denying it !
>
> there's a press release out, eg here:
>
> <URL:http://www.businesswire.com/portal/site/google/?ndmViewId=news_view&newsId=20080824005028&newsLang=en>
>
> The story printed in the Sunday, August 24, 2008, Glasgow Sunday
> Herald claiming a security breach of Best Western guest information
> is grossly unsubstantiated. Claims reported about our Central
> Reservations customer records are not accurate. We at Best Western
> take the confidentiality of our customers' personal information very
> seriously. The Sunday Herald reporter brought to our attention the
> possible compromise of a select portion of data at a single hotel; we
> investigated immediately and provided commentary. Best Western would
> have welcomed the opportunity to fact-check the story, which would
> have resulted in more accurate and credible reporting on the part of
> the newspaper. We have found no evidence to support the sensational
> claims ultimately made by the reporter and newspaper.
>
> Most importantly, whereas the reporter asserted the recent compromise
> of data for past guests from as far back as 2007, Best Western purges
> all online reservations promptly upon guest departure.
>
> ... etc (the rest being motherhood and apple pie)
>
>
> there's a running commentary in Information Week:
>
> <URL:http://www.informationweek.com/blog/main/archives/2008/08/update_best_wes.html>
>
> which comes down to saying that motherhood and apple pie is all very
> well, but it may be too early to be sure about the nature of the attack.
>
> the front page of the UK site is a bit more circumspect than the Press
> Release:
>
> http://www.bestwestern.co.uk/
>
> Best Western were notified of a security breach to its data systems
> on Friday afternoon and responded by closing this breach immediately.
> We are carrying out further investigations to ensure that all
> relevant procedural standards are met, and that the interests of our
> guests are protected. We do not believe the security breach has
> impacted GB customers but further investigations continue. We would
> like to offer reassurance to customers that all measures are taken to
> protect customer information and that Best Western takes any attack
> on this very seriously.
>
> - --
> richard Richard Clayton
>
> They that can give up essential liberty to obtain a little temporary
> safety deserve neither liberty nor safety. Benjamin Franklin
>
> -----BEGIN PGP SIGNATURE-----
> Version: PGPsdk version 1.7.1
>
> iQA/AwUBSLIk1JoAxkTY1oPiEQLuzQCfV3rTK2w4b8SUeCPwpqARjZ9gdM4AnRXT
> 3wxQdVYe2C6ovEO1Z0rvYmA5
> =2NaV
> -----END PGP SIGNATURE-----
>