I mentioned Iain S Bruce’s big Sunday Herald exclusive yesterday, which claimed that 8m people had their personal details compromised by an alleged security lapse at the Best Western hotel chain.
Well, the chain has finally responded, and has done so very firmly indeed. Best Western doesn’t admit to any data loss, saying only that the Herald “brought to our attention the possible compromise of a select portion of data at a single hotel”.
Best Western says it has “found no evidence to support the sensational claims ultimately made by the reporter and newspaper.” They also describe the steps they take to keep data secure, and say “we have no evidence to suggest that there is need for widespread concern”.
Given the strength of Best Western’s denials, the ball appears to be back in the Herald’s court. More evidence would be interesting to see now, especially as the chatter continues around the web; Slashdot has a thread while the Information Week blog asks some questions about Best Western’s statement. There’s clearly a million miles between the Herald’s story and the chain’s retort.
Neil: Best Western now says only a handful of records were compromised, not millions. Data security investigations are complex, and they require patience. As we learned from the TJX experience, it is easy for the press and for authorities to over-react. –Ben http://legal-beagle.typepad.co.....d-iss.html
Have emailed Best Western to inquire if my credit card details are secure.As a customer I think they are obliged to reply with a firm YES or NO.
Perhaps anyone who has stayed a Best Westen Hotel in the past year should do the same???
http://www.itwire.com/content/view/20249/53/
Iain seems to be on the counter-offensive…
Knew nothing about this until an email arrived from Best Western. I then searched the net thingking it might be a scam as no logo etc came with the email. Here is a copy
Dear James
You may be aware on Sunday 24th August the Scottish Herald printed a story claiming a hacker had gained access to Best Western guest information. This story is grossly unsubstantiated!
After a detailed investigation we can confirm that on 21st August a single hotel in Germany was compromised by a virus. The compromise permitted access to reservations data for that property only. This has affected only ten customers who we are currently being contacted to offer our assistance, none of these were GB customers. There is no evidence of any unauthorized access to any other customer data. Most importantly Best Western purges all reservations data within seven days of guest departure.
We are working with the FBI and other international authorities to investigate further.
At Best Western we take the confidentiality of our customers’ personal information very seriously,
complying with the Payment Card Industry (PCI) Data Security Standards (DSS). To maintain that compliance, Best Western maintains a secure network protected by firewalls and governed by a strong information security policy. We regularly test our systems and processes in an effort to protect customer information, and employ the services of industry-leading third-party firms to evaluate our safeguards.
Yours sincerely,
David Clarke CEO
Best Western Hotels GB
We are sending you this email because you have recently made a booking with Best Western Hotels and given us your email address.
To unsubscribe please visit http://online.bestwestern.co.u.....W2pJKLdiSW
Best Western is the international trading name of Interchange and Consort Hotels Limited.
Registered office: Consort House, Amy Johnson Way, Clifton Moor, York YO30 4GP. Registered No: 1002192 England.