Hackers breach Best Western in data heist

Hackers have broken into the corporate databases for best Western Hotels and may have stolen the names, addresses and credit card information of every customer who stayed with the international group since 2007.

An investigation by the Sunday Herald found that an unknown Indian hacker got into Best Western's databases on Thursday and accessed its databases, which contain the names, addresses, credit card numbers and additional customer's information of people who have used the chain internationally.

"Best Western took immediate action to disable the compromised log-in account in question. We are currently in the process of working with our credit card partners to ensure that all relevant procedural standards are met, and that the interests of our guests are protected," said a spokesman.

"We continue to investigate the root cause of the issue, including, but not limited to, the third-party website that has allegedly facilitated this illegal exchange of information."

The data on how to get into the database was apparently provided by an Eastern European hacking group and although the security hole the hacker used has now been closed the potential losses to customers could be huge.

View: Vnunet

Report a problem with article
Previous Story

BurnAware Free 2.1

Next Story

iTech Bluetooth Virtual Keyboard Review

40 Comments

View more comments

(s3n4te said @ #5)
Are Canadian customers affected?

I think so ... "...credit card information of every customer who stayed with the international group since 2007".

I like how the icon for the article is the "bad windows" icon. I don't see anywhere in the article where it mentions Windows as the culprit. Perhaps Neowin should use a more neutral icon for these types of articles?

(Chrono951 said @ #6)
I like how the icon for the article is the "bad windows" icon. I don't see anywhere in the article where it mentions Windows as the culprit. Perhaps Neowin should use a more neutral icon for these types of articles?

+1. I thought I was the only one who noticed the Neowin Anti-Windows logo being used when there is absolutely no mention of which operating system in use. I guess we know where Neowin stands.

nice...but I have to ask the same questoin Don Matteo asked "how'd they know the hacker was indian...?!!??" And why oh..why, would you store someone's information for so long?

The hacker "is" indian because they can track the registry and look who accesses (the IP) the database, with the IP is possible to determine the location of the hacker and, with the date/time is also possible to determine where was done the connection. Of course, only a fool will try to hack a system without hiding/spoofing their own ip, so yes, this "indian" can be any person, from other country or even a former/actual Best Western employee and usually the hack are from the inside.

Oh well, looks like I've got to phone the bank and request a new card I doubt I'll stay at the Best Western chain again. I hope this ensures other companies tighten their security using securid's and proper anti-virus software to stop this happening.

Companies are responsible for the data they keep and thus should be sued when a security breach occurs. There is no reason to store data in a way that hundreds of thousands of records can easily be downloaded....

(imachip said @ #13)
Oh well, looks like I've got to phone the bank and request a new card I doubt I'll stay at the Best Western chain again. I hope this ensures other companies tighten their security using securid's and proper anti-virus software to stop this happening.

Companies are responsible for the data they keep and thus should be sued when a security breach occurs. There is no reason to store data in a way that hundreds of thousands of records can easily be downloaded....


it is not best western chain or other company, it is only whom hacker want to go for.
companies should try to provide good security to their data.
war between evil and good will remain there.

Well if an Indian broke into Best Western, should we have some teenager break in the Best Mid-Eastern in response?
(Ba da boom -tiss)

You idiot.

India is not in the middle east. It is in South Asia.

I am not having a dig at you however I hate the world's ignorrance when it comes to racial groups.

"Oooooh Indians...similar race to some terriosts....lets bomb them"

(jonnytabpni said @ #14.1)
You idiot.

India is not in the middle east. It is in South Asia.

I am not having a dig at you however I hate the world's ignorrance when it comes to racial groups.

"Oooooh Indians...similar race to some terriosts....lets bomb them" :(

Hey chickey pie
Ba Da Boom Tiss.... Does that sound like a "Rim shot"?
You must have been disgusted with Harold and Kumar movies
And who cares what you interpret from my comment.
So ....... get a hooka, a flute, a wicker basket full of snakes, wrap a bath towel around your head and calm down

Geeez some people are so stiff these days

Not having a dig at you but I dont even know if there is a Best Eastern...or a Best South Asia... it was a play on words

(jonnytabpni said @ #14.1)
You idiot.

India is not in the middle east. It is in South Asia.

I am not having a dig at you however I hate the world's ignorrance when it comes to racial groups.

"Oooooh Indians...similar race to some terriosts....lets bomb them" :(

Lets bomb the "terrorists race"

You're aren't too bright either.

(atari800 said @ #13.2)

Hey chickey pie
Ba Da Boom Tiss.... Does that sound like a "Rim shot"?
You must have been disgusted with Harold and Kumar movies
And who cares what you interpret from my comment.
So ....... get a hooka, a flute, a wicker basket full of snakes, wrap a bath towel around your head and calm down

Geeez some people are so stiff these days

Not having a dig at you but I dont even know if there is a Best Eastern...or a Best South Asia... it was a play on words

OMG your just proving my point even more. For a start, Indians tend not to wear towels around their head. But anyway, I don't really care what you think. Thank Goodness that there are many people in the world who are bigger than you who just know not to say such offensive stupid thing.

I *could* bring up the stupid amercian thing (assuming that you are amercian - hey you made some wrong assumptions too) but I won't coz I have faith in the human race and that not everyone's personality can be sterotyped by their racial group.

Tip to the world: Stop judging each other by the colours of ones skin. Not all Amercian are stupid. Not all brown coloured folks are related to or from the same country as each other. I hate this world of ignorrance. Let's try and do something to stop it

Forgiven

We just all have to realise that the colour of ones skin cannot determine their political beliefs, religion or even the country that they are from.

Yes, Indian folks do have a similar race to some middle eastern countries that the USA is at wars with, however there is no hostility between Indian and the western world.

My mother and father are Indian. However my mother lived all her life in the UK and I was born here and I have never even visited India. I have actually lived longer in the Western World than some people that say racists things to me. I feel as British/Irish (living in Northern Ireland here lol) as any other person in this province.

I really don't understand why that would want to store this information. Maybe it's just done.

I work in a shop that keeps all the credit card slips which have to numbers on them. Imagine if they got stolen....

Surely Best Western would be in breach of the PCI DSS - Payment Card Industry Data Security Standard.

Working for a software development company who designs Hotel Reservertion Management Software in the Hotel Industry I am very much aware of the requirements of this standard that specifically state how credit card numebrs can be stored and for how long.
I belive that there are massive fines for clear breaches of the standard - not to mention the potential to loose their merchant facilities.

PCI DSS on Wikipedia

And see thats why i wont have a credit card if you cant pay cash or chq (personal or travelers) go somewhere else. the other thing is why do they need to hold my details for so damn long if after a month there's no discrencies then delete it please. i dont see why that cannot happen and it would be much more secure than the previous situation instead of millions they'd only get if at all a few thousand and the offending company get investigated to see why it was able to be hacked and charged if it was found to be negligent in its security of personal data

Commenting is disabled on this article.