Best Western forced to play defense on data breach disclosure

Could hotel chain have done a better job of defusing story about system intrusion?

The headline in this week's Glasgow Sunday Herald -- "Revealed: 8 million victims in the world's biggest cyber heist" -- was a grabber.

And it certainly got the attention of the Best Western hotel chain, which found itself scrambling to do damage control after the Scottish newspaper reported that hackers had broken into its online reservation system and stolen 8 million customer records. According to the Sunday Herald, the theft netted data on everybody who had stayed at Best Western's 1,312 European hotels this year and in 2007.

After the story appeared on August 24, US-based Best Western International acknowledged that the Herald had alerted it to a "possible compromise" of data. But the company refuted the Sunday Herald's claims about the scope of the system intrusion, saying that the story was "grossly unsubstantiated." Best Western said the breach had affected just 13 customers at a single hotel in Berlin -- a number that it later reduced to 10.

Nonetheless, the company couldn't stanch the online flood of stories and blog posts about the data breach that followed the publication of the Sunday Herald's story, which said that a hacker from India had obtained log-in credentials for Best Western's online booking system via a keystroke-logging program and then sold information on how to access the data in the system "through an underground network operated by the Russian mafia."

Best Western's experience highlights the public relations problems that can result from breach disclosures, as well as the need for companies to have comprehensive incident-response plans in place for dealing with such disclosures.

In this case, Best Western could have beaten the Sunday Herald to the punch by breaking the news about the breach itself. The intrusion took place on August 21; according to the newspaper, it brought the breach to the company's attention the following day, two days before the story was published.

In comments sent via e-mail this week, a Best Western spokeswoman indicated that the company was blindsided by the Sunday Herald's claims about the scope of the breach. The reporter who wrote the story didn't mention the possibility that 8 million records had been stolen when he talked to Best Western officials, the spokeswoman said. She said that he simply asked for the number of Best Western hotels and rooms in Europe, and that he appears to have used those numbers to extrapolate the 8 million figure.

And the only evidence of a breach that the reporter presented was a screenshot of a single log-in suggesting a possible compromise, the spokeswoman added. "Basically, the Herald elicited a statement from us on one issue and used the statement to report on another," she said.

Join the newsletter!

Error: Please check your email address.
Rocket to Success - Your 10 Tips for Smarter ERP System Selection

Tags data breach

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Jaikumar Vijayan

Computerworld
Show Comments

Most Popular Reviews

Latest Articles

Resources

PCW Evaluation Team

Ben Ramsden

Sharp PN-40TC1 Huddle Board

Brainstorming, innovation, problem solving, and negotiation have all become much more productive and valuable if people can easily collaborate in real time with minimal friction.

Sarah Ieroianni

Brother QL-820NWB Professional Label Printer

The print quality also does not disappoint, it’s clear, bold, doesn’t smudge and the text is perfectly sized.

Ratchada Dunn

Sharp PN-40TC1 Huddle Board

The Huddle Board’s built in program; Sharp Touch Viewing software allows us to easily manipulate and edit our documents (jpegs and PDFs) all at the same time on the dashboard.

George Khoury

Sharp PN-40TC1 Huddle Board

The biggest perks for me would be that it comes with easy to use and comprehensive programs that make the collaboration process a whole lot more intuitive and organic

David Coyle

Brother PocketJet PJ-773 A4 Portable Thermal Printer

I rate the printer as a 5 out of 5 stars as it has been able to fit seamlessly into my busy and mobile lifestyle.

Kurt Hegetschweiler

Brother PocketJet PJ-773 A4 Portable Thermal Printer

It’s perfect for mobile workers. Just take it out — it’s small enough to sit anywhere — turn it on, load a sheet of paper, and start printing.

Featured Content

Product Launch Showcase

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?