Monday, August 25, 2008

Hackers target hotel chain and swipe details of all guests from the past year

This is simply staggering, but a harbinger of things to come I am sure:

The Sunday Herald - Scotland's award-winning independent newspaper

Revealed: 8 million victims in the world's biggest cyber heist

EXCLUSIVE: Sunday Herald uncovers theft of data from every guest in 1300 Best Western Hotels in past 12 months

By Iain S Bruce

AN INTERNATIONAL criminal gang has pulled off one of the most audacious cyber-crimes ever and stolen the identities of an estimated eight million people in a hacking raid that could ultimately net more than £2.8billion in illegal funds.

A Sunday Herald investigation has discovered that late on Thursday night, a previously unknown Indian hacker successfully breached the IT defences of the Best Western Hotel group's online booking system and sold details of how to access it through an underground network operated by the Russian mafia.

It is a move that has been dubbed the greatest cyber-heist in world history. The attack scooped up the personal details of every single customer that has booked into one of Best Western's 1312 continental hotels since 2007.

Amounting to a complete identity-theft kit, the stolen data includes a range of private information including home addresses, telephone numbers, credit card details and place of employment....

Thanks to the ever-vigilant Rob Hyndman for the link.

4 comments:

  1. Makes one want to use cash and adopt a different alias for everything we do.

    ReplyDelete
  2. Best Western quickly expressed its objection to the story, assuring readers that "Best Western purges all online reservations promptly upon guest departure." That was on Monday, August 25 2008 @ 02:03 PM EDT.

    At 06:45 PM EDT the same day, Best Western said, "Best Western purges reservations data within seven days of guest departure,..."

    Gotta wonder which version is closer to the truth.

    ReplyDelete
  3. David: Best Western says only 10 records were compromised, not the 8 million reported by the Sunday Herald. Data security investigations are complex, and they require patience. As we learned from the TJX experience, it is easy for the press and for authorities to over-react. --Ben http://legal-beagle.typepad.com/wrights_legal_beagle/2008/08/credit-card-iss.html

    ReplyDelete
  4. whooo. This is very alarming to all of us. Considering that you'll be hacked for just using a room of a hotel. All your personal data will be steal. The hotel management should do something about it.

    ReplyDelete