Best Western has suffered a major data breach that potentially exposed a large quantity of sensitive customer information at a European hotel.
Best Western rejected claims, that it had suffered a massive compromise of customer details and the company strongly disputes claims that an attacker gained access to millions of customer records with credit-card numbers, as it had appeared in an article published in the Glasgow Sunday Herald.
Best Western was quoted in
The Register: "
We can confirm that on August 21, 2008, three separate attempts were made via a single log-on ID to access the same data from a single hotel. The hotel in question is the 107-room Best Western Hotel am Schloss Kopenick in Berlin, Germany, where a Trojan horse virus was detected by the hotel's anti-virus software. The compromised log-in ID permitted access to reservations data for that property only. The log-in ID was immediately terminated, and the computer in question has been removed from use. We can also confirm that we have been able to narrow down the number of customers affected by this breach to ten. We are currently contacting those customers and offering assistance as needed.We are working with the FBI and international authorities to investigate further."
Speaking to ZDNet.co.uk on Thursday, Bernhard Viets, manager of Best Western Hotel am Schloss Kopenick, said
his staff had first been alerted to the presence of the Trojan through an alert from the hotel's Symantec antivirus software."We got the warning from the antivirus software and, after that, we turned off the systems and changed the systems," said Viets. "We cut off our internet connection, informed IT and turned everything off immediately. I don't know the details of the virus. It was only 10 people who were affected. The clients who were hacked have been informed."According to Best Western spokeswoman Marie Yarroll, the number of compromised customer records, according to the current analysis and investigation, appears to be only 10 and not more than a dozen. "We are currently contacting those customers and offering assistance as needed," Best Western said Monday night in a statement.
Best Western further stated that it is working with the FBI and international authorities to investigate and that "Best Western purges reservations data within seven days of guest departure" in one security step.
Best Western also complies with the Payment Card Industry Data Security Standards, the hotel said. "To maintain that compliance, Best Western maintains a secure network protected by firewalls and governed by a strong information security policy." Best Western said it will release more information as it becomes available.
Best Western also says it's disputing the Glasgow Sunday Herald's story with the publishing outfit.
Related articles:- Ensuring Credit Card Security via PCI Compliance: What Hotels Need to Know. ~ click to read
- Wireless Insecurity in Hotels.. ~ click to read
