FYI: Revealed: 8 million victims in the world's biggest cyberheist [Best Western Hotel group]

Roland Perry ukcrypto at chiark.greenend.org.uk
Sat, 30 Aug 2008 14:29:15 +0100


In article <87zlmvcwxx.fsf@mid.deneb.enyo.de>, Florian Weimer 
<fw@deneb.enyo.de> writes
>>>   Most importantly, whereas the reporter asserted the recent compromise
>>>   of data for past guests from as far back as 2007, Best Western purges
>>>   all online reservations promptly upon guest departure.
>>
>> That must be a bit inconvenient for the "frequent flyer" programme
>> [Gold Crown Club International tm], unless they regard that as a
>> completely separate piece of IT.
>
>I find it hard to believe that hotels located in Germany do not keep
>this information, either.  There's a general obligation to preserve
>business records (including business correspondence) for several years.

I mentioned this issue to someone who deals with retail security 
yesterday, and their view was that Best Western were probably referring 
only to purging the credit card details.

However, even that seems a trifle premature, as I've recently had a 
post-checkout billing dispute with a hotel in Paris, which ended up with 
them eventually issuing a refund to my credit card about a month later. 
The usual minimum retention time for such data (before all the recent 
greater attention to such things) would probably be three months.
-- 
Roland Perry