Hotelier defends security record

3:40pm Wednesday 27th August 2008

Comments (0)   Have your say »

A MAJOR hotel chain based in York has refuted claims that personal data of millions of customers was sold to the Russian mafia after its online booking system was accessed by hackers.

National reports said up to eight million people were at risk of ID fraud after an Indian hacker broke into the IT system of Best Western Hotel Group and placed a Trojan virus on one of the firm’s machines used for reservations.

They said the next time a staff member logged in, his or her username and password were collected, stored then put up for sale on a website operated by a branch of the Russian mafia.

It was claimed that data of thousands of customers who had stayed at Best Western hotels in Europe during the last year had been accessed – including home addresses, phone numbers, places of employment and credit card details.

But a spokeswoman for Best Western Hotels, which has its central office in Clifton Moor, York, today confirmed that only ten customers had been affected by the breach of their IT defences last Thursday.

She said data had been accessed via a single log-in ID from one of its hotels in Berlin, Germany.

This log-in ID was immediately terminated and the computer in question was removed from use.

She said: “We can confirm that on August 21, 2008, three separate attempts were made via a single log-on ID to access the same data from a single hotel.

“The hotel in question is the 107-room Best Western Hotel am Schloss Kopenick in Berlin, Germany, where a Trojan horse virus was detected by the hotel’s anti-virus software. “The compromised log-in ID permitted access to reservations data for that property only.

“We can also confirm that we have been able to narrow down the number of customers affected by this breach to ten.

“We are currently contacting those customers and offering assistance as needed.

“We are working with the FBI and international authorities to investigate further.”

She also reassured customers that Best Western adhered to strict data protection regulations.

She said: “Best Western purges reservations data within seven days of guest departure, thereby limiting potential data exposure to guests who departed up to one week prior to the exposure, current guests and future guests of that particular hotel.

“In the day-to-day conduct of our business, we comply with the Payment Card Industry and Data Security Standards.

“To maintain that compliance, Best Western maintains a secure network protected by firewalls and governed by a strong information security policy. We regularly test our systems and processes in an effort to protect customer information, and employ the services of industry-leading firms to evaluate our safeguards. “We also delete credit card information and all other personal information upon guest departure.”

She said customers with any concerns could phone Best Western Customer Care at US 800-528-1238.

The Best Western Group, which has a hotel in Duncombe Place, York, is the world’s largest hotel brand with more than 4,000 hotels in 80 countries.