According to a Sunday report in Scotland's Glasgow Sunday Herald, last Thursday an Indian hacker devised a method for breaking into Best Western's online booking system and then sold this information to Russian mafia operatives.
The Herald, which described the alleged breach as "the greatest cyber-heist in world history" and credited itself with alerting Best Western, claimed the attack revealed a treasure trove of personal data on every customer who has stayed at one of the chain's 1,312 European hotels since 2007.
In all, the Herald estimated that the home addresses, telephone numbers, credit card, and employment details of about 8 million customers were compromised, and that hackers could use this data to generate more than $5 billion in ill-gotten gains.
However, on Monday, Best Western International railed against the report, describing its assertions as "grossly unsubstantiated." The breach occurred at a single hotel and only involved records of 13 customers, a Best Western spokesperson said in an interview with ChannelWeb.
"Claims reported about our Central Reservations customer records are not accurateWe have found no evidence to support the sensational claims ultimately made by the reporter and newspaper," Best Western said in a statement.
Best Western disputed the Herald's claim that customer data dating to 2007 was affected by the breach, claiming that it purges online reservation data immediately after guests depart.
Best Western also insisted that as of its most recent internal and external reviews earlier this month, the company is in full compliance with the Payment Card Industry (PCI) Data Security Standards (DSS), a set of requirements drawn up by major credit-card companies for securing cardholder data.
But Rich Mogull, an independent security consultant and former Gartner analyst, says companies that are PCI compliant aren't immune from being hacked.
"With PCI, although you've at least undergone some level of security, we haven't seen a direct correlation between PCI certification and an organization's ability to defend against certain types of attacks, particularly those involving Web application security," said Mogull.
- Juniper Honors 12 Americas Partners
- Facebook And Four More Web Sites We Love To Hate
- Cisco Honors Top Partners During 2010 Partner Summit
- HP Salutes Top Partners At APC 2010 Award Show
- Upclose And Personal With AMD And friends
- Will Oracle's Phillips' Affair Revelation Be A Distraction?
- Apple, Microsoft Unlikely Allies Against Google
- HP-Microsoft Cloud Partnership Needs To Show Us The Goods
- Blog: It's Time For A Cybercrime Public Service Announcement
- Nortel Sell-Off Continues: Ethernet Business To Ciena?
- Want To Deploy Exchange 2007 SP2 In A Server 2008 R2 Domain? Sorry
- Apple Improves iTunes 9 With Syncing, Visual Enhancements
- Oracle Ad Refutes Sun Hardware Fears
- U.S. Copyright Chief Rips Google Book Deal In Testimony
- Apple Slashes iPod Price Tags
- Price Is Right? Asus To Launch Low-Cost E-Reader
- Microsoft Xbox 360 Consoles Fail More Often Than Wii, PS3
- Privacy Group To Congress: Stop Online Advertisers In Their Tracks
- Microsoft, Intel Tout Their Collaboration On Windows 7
- Tech Data Adds Integration Services With New Center
| • |
| • |
| • |
| • |
| • |
| • |
| • |
|
|
