The Sunday Herald, an independent news publication based in Scotland, has torn the lid off what it claims to be the world’s biggest caper. Eight million customers, each offering patronage to Best Western Hotels, have been victimized thanks to the efforts of an Indian hacker and the Russian underground.
Best Western - Decent nights sleep for some, stolen ID databank for others. (IMG:J.Anderson)
The crime is pure finesse, as a malicious Indian hacker took down the security on Best Western's booking system and, instead of making a fast data dump for a grab and dash attack, he sold the details of the hack to the Russian criminal underground.
The crime has placed every guest who has ever stayed in one of the 1,312 European Best Western Hotels since 2007 at risk. The stolen customer details, according to the Sunday Herald, amounts to a complete ID kit, as the entire booking system was breached. Home address, credit card information, telephone numbers, customer names, and, in the case of business travel, corporate information were all included in the report of stolen data.
The secret door into the booking system was closed Friday, the Herald reported, but by now the damage is done. While extreme, the report of a potential "burglary packs" is a consideration.
Again, the criminals had complete access to the booking system. Past, present and future bookings were all there for the taking. The attack happened because of a Trojan placed on the booking system that recorded employee log-in details. While Best Western used anti-virus protection, it is unknown if it was maintained and updated, or if the Trojan used was simply one that is undetectable to whichever vendor supplied the AV protection.
"They've pulled off a masterstroke here," security expert Jacques Erasmus from Prevx told The Sunday Herald. "There are plenty of hacked company databases for sale online but the sheer volume and quality of the information that's been stolen in the Best Western raid makes this particularly rare. The Russian gangs who specialize in this kind of work will have been exploiting the information from the moment it became available late on Thursday night. In the wrong hands, there's enough data there to spark a major European crime wave."
Best Western is investigating, but the only notice so far is on the company's UK Web site.
“Best Western were notified of a security breach to its data systems on Friday afternoon and responded by closing this breach immediately. We are carrying out further investigations to ensure that all relevant procedural standards are met, and that the interests of our guests are protected. We do not believe the security breach has impacted GB customers but further investigations continue. We would like to offer reassurance to customers that all measures are taken to protect customer information and that Best Western takes any attack on this very seriously.” – www.bestwestern.co.uk
If you have stayed in one of the UK-based Best Western Hotels since 2007 and want to know more, Best Western customer service can be reached is at: 0800 528-1238.
There are currently no comments for this article. Be the first to comment! (no registration required)
Advertising
There are currently no comments for this article. Be the first to comment! (no registration required)