Best Western Breach Nets 8 Million IDs -- Or Does It? - The Channel Wire - IT Channel News And Views by CRN and VARBusiness

News

Reviews

NEW ON CHANNELWEB

Coming Up: Women of the Channel Winter Workshop

Annual Report Cards

State of Tech: Security

Fast Growth 100

Tech Books Online

Subscribe to CRN

FEATURED VIDEO

Sponsored By:

SLIDE SHOWS

Pass That PCI Audit: 20 Hot Compliance Products

As if they needed more stress, organizations are facing evolving and increasingly stringent compliance regulations from the Payment Card Industry, as well as Sarbanes-Oxley, HIPAA and others. Here are a few security compliance products that can make the audit process less excruciating.

D&H: 10 Fresh Products For SMBs

Here are 10 of the distributor's hottest new offerings winning over solution providers.

Hot New Handsets For The Holidays

New smartphones from Sony, Motorola and the first-ever Twitter-only mobile device -- the TwitterPeek -- headline a busy week for handset makers as the holiday shopping season heats up.

INSIDE CHANNELWEB

Emerging Vendors Blog

Emerging Vendors Report

Fast Growth 100

Demand Generation Services

Partner Programs Guide

Vendor Content Community

Vendor Stimulus Directory

Women of the Channel

White Paper Library

BLOGS

The Channel Wire

August 25, 2008

Best Western Breach Nets 8 Million IDs -- Or Does It?

Depending on who you believe, Best Western has either been the victim of a massive breach of confidential customer data, or simply a victim of sensationalist reporting.

According to a Sunday report in Scotland's Glasgow Sunday Herald, last Thursday an Indian hacker devised a method for breaking into Best Western's online booking system and then sold this information to Russian mafia operatives.

The Herald, which described the alleged breach as "the greatest cyber-heist in world history" and credited itself with alerting Best Western, claimed the attack revealed a treasure trove of personal data on every customer who has stayed at one of the chain's 1,312 European hotels since 2007.

In all, the Herald estimated that the home addresses, telephone numbers, credit card, and employment details of about 8 million customers were compromised, and that hackers could use this data to generate more than $5 billion in ill-gotten gains.

However, on Monday, Best Western International railed against the report, describing its assertions as "grossly unsubstantiated." The breach occurred at a single hotel and only involved records of 13 customers, a Best Western spokesperson said in an interview with ChannelWeb.

"Claims reported about our Central Reservations customer records are not accurateWe have found no evidence to support the sensational claims ultimately made by the reporter and newspaper," Best Western said in a statement.

Best Western disputed the Herald's claim that customer data dating to 2007 was affected by the breach, claiming that it purges online reservation data immediately after guests depart.

Best Western also insisted that as of its most recent internal and external reviews earlier this month, the company is in full compliance with the Payment Card Industry (PCI) Data Security Standards (DSS), a set of requirements drawn up by major credit-card companies for securing cardholder data.

But Rich Mogull, an independent security consultant and former Gartner analyst, says companies that are PCI compliant aren't immune from being hacked.

"With PCI, although you've at least undergone some level of security, we haven't seen a direct correlation between PCI certification and an organization's ability to defend against certain types of attacks, particularly those involving Web application security," said Mogull.

Posted by Kevin McLaughlin at 4:25 PM

>>More from "The Channel Wire"

Share: Digg Del.icio.us Facebook LinkedIn Twitter
More Security | Email this blog | Print this blog | Reprints

Main >>

Contact

Email Us

Subscribe To This Feed

More Newsfeed Information