According to news reports that started to surface over the weekend, Best Western, one of the world's largest hotel chains -- if not the largest -- is investigating a breach that purportedly has placed millions of its guests' data at-risk, and in the hands of Russian mobsters.According to this news report in the U.K.'s Telegraph, Best Western GB is currently investigating how its IT systems where breached:
Best Western has confirmed an investigation is under way into how the chain's computer defenses were breached on Thursday night.
Details of how to access the information -- which included home addresses, place of employment and credit card details -- were sold through an underground network operated by the Russian mafia.
The attack scooped up the personal details of guests who stayed at Best Western hotels during the past year, potentially eight million people.
The rest of the details read like a traditional attack. It appears that (and details are always foggy at this point in these types of stories) an attacker was able to plant a Trojan on one of the company's reservation systems. That Trojan then sniffed the username/passwords of users -- which were then allegedly sold to organized crime.
This news report does have a rather optimistic quote from a Best Western spokesman:
Tim Wade, head of marketing for Best Western GB, said it was "unlikely" that whoever was responsible got hold of the details of "every booking at every hotel" in Europe because of the way their system worked.
Now, that's sort of good news. Isn't it?