Best Western forced to play defense on data breach disclosure
Could hotel chain have done a better job of defusing story about system intrusion?
Computerworld - The headline in this week's Glasgow Sunday Herald — "Revealed: 8 million victims in the world's biggest cyber heist" — was a grabber.
And it certainly got the attention of the Best Western hotel chain, which found itself scrambling to do damage control after the Scottish newspaper reported that hackers had broken into its online reservation system and stolen 8 million customer records. According to the Sunday Herald, the theft netted data on everybody who had stayed at Best Western's 1,312 European hotels this year and in 2007.
After the story appeared on Aug. 24, Phoenix-based Best Western International Inc. acknowledged that the Herald had alerted it to a "possible compromise" of data. But the company disputed the newspaper's claims about the scope of the system intrusion, saying that the story was "grossly unsubstantiated." Best Western said the breach had affected just 13 customers at a single hotel in Berlin — a number that it later reduced to 10.
Nonetheless, the company couldn't stanch the online flood of stories and blog posts about the data breach that followed the publication of the Herald's story, which said that a hacker from India had obtained log-in credentials for Best Western's online booking system via a keystroke-logging program. The hacker then sold information on how to access the data in the system "through an underground network operated by the Russian mafia," the story said.
Best Western's experience highlights the public relations problems that can result from breach disclosures, as well as the need for companies to have comprehensive incident-response plans in place for dealing with such disclosures.
In this case, Best Western could have beaten the Herald to the punch by breaking the news about the breach itself. The intrusion took place on Aug. 21; according to the newspaper, it brought the breach to the company's attention the following day, two days before the story was published.
In comments sent via e-mail this week, a Best Western spokeswoman indicated that the company was blindsided by the Herald's claims about the scope of the breach. The reporter who wrote the story didn't mention the possibility that 8 million records had been stolen when he talked to Best Western officials, the spokeswoman said. She said that he simply asked for the number of Best Western hotels and rooms in Europe, and that he appears to have used those numbers to extrapolate the 8 million figure.
And the only evidence of a breach that the reporter presented was a screenshot of a single log-in suggesting a possible compromise, the spokeswoman added. "Basically, the Herald elicited a statement from us on one issue and used the statement to report on another," she said.
- 15 Non-Certified IT Skills Growing in Demand
- How 19 Tech Titans Target Healthcare
- Twitter Suffering From Growing Pains (and Facebook Comparisons)
- Agile Comes to Data Integration
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
- Who's Spying on You? You're aware of the threats of malware to your business but what about the ever-changing ground rules? Cybercriminals today are launching attacks against...
- Pay-as-you-Grow Data Protection: IBM Tivoli's Full-featured Data Protection Suite for Small to Medium Businesses IBM Tivoli Storage Manager Suite for Unified Recovery gives small and medium businesses the opportunity to start out with only the individual solutions...
- Streamline Data Protection with IBM Tivoli Storage Manager Operations Center IBM Tivoli Storage Manager (TSM) has been an industry-standard data protection solution for two decades. But, where most competitors focus exclusively on Backup...
- Simplify and Consolidate Data Protection for Better Business Results Learn about IBM® Tivoli® Storage Manager Operations Center, which provides advanced visualization, built-in analytics and integrated workflow automation features that leapfrog traditional backup...
- Meg Whitman presents Unlocking IT with Big Data During this Web Event you will hear Meg Whitman, President and CEO, HP discuss HAVEn - the #1 Big Data platform, as well...
- The New Way to Work Knowledge Vault This Knowledge Vault focuses on how, in today's increasingly virtual world, it's more important than ever to engage deeply with employees, suppliers, partners,... All Cybercrime and Hacking White Papers | Webcasts