Best Western insists massive database wasn't stolen

An article that appeared in last weekend's Glasgow Sunday Herald claiming personal information belonging to eight million travellers had been winkled has been denounced.

An article that appeared in last weekend's Glasgow Sunday Herald claiming personal information belonging to eight million travellers had been winkled has been denounced by the Best Western hospitality chain as "grossly unsubstantiated" and "sensationalist" reporting.

The newspaper's story breathlessly alleged that a shadowy ad-hoc alliance of international cyber-criminals had pillaged Best Western's database of customer records, scarfing up the private details of its customers who had stayed at all of the hotel chain's 1,312 continental establishments from 2007 onwards.

It claimed that some unknown Indian hacker had compromised Best Western's reservations system by planting a trojan horse keylogger, harvested a password to gain access, and sold the data breach to an underground network of Russian mafia scamsters, who proceeded to hoover up the whole database within a matter of hours and launch a European crime wave.

The August 24th article called the supposed caper "one of the most audacious cyber-crimes ever" and estimated that it "could ultimately net more than £2.8 billion" in ill-gotten gains.

We saw the Sunday Herald's article at the time, but thought its tale of how the alleged data breach was accomplished and exploited was extremely sketchy.

The story raised a number of questions that remained unanswered and it was as short on facts and explanations as it was long on speculations about potential crimes and losses. We therefore did not cover it.

In a press release yesterday, Best Western said the Sunday Herald's claims that millions of its customers records were compromised "are not accurate."

Complaining that it was not offered an opportunity to fact-check the story, the hotelier further said, "We have found no evidence to support the sensational claims ultimately made by the reporter and newspaper."

Best Western also stated it "purges all online reservations promptly upon guest departure."

In an email to Informationweek, a company spokesperson wrote, " There was one instance of suspicious activity at a single hotel with respect to 13 guests, who are being notified. We are working with the FBI and international authorities to investigate the source of the other claims, which were never presented to us for investigation prior to publication of the Herald story. We have found no suspicious activity to support them." µ

L'Inqs Informationweek

Glasgow Sunday Herald