Discover Your Perfect Stay

The Scottish Sunday

EXCLUSIVE: Scottish Sunday uncovers theft of data from every guest in 1300 Best Western Hotels in past 12 months

By Iain S Bruce

An international criminal gang has executed an audacious cyber-crime, stealing the identities of approximately eight million people in a hacking raid that could potentially generate illegal funds exceeding £2.8 billion. A groundbreaking investigation by The Scottish Sunday has revealed that, in a late-night breach on Thursday, an unknown Indian hacker successfully infiltrated the Best Western Hotel group's online booking system and subsequently sold this information to the Russian mafia through an underground network. The hacking incident has been dubbed the greatest cyber-heist in history.

A Complete Identity Theft Kit

The attack resulted in the theft of personal details of every customer who had booked into any of Best Western's 1312 continental hotels since 2007. This stolen information includes home addresses, telephone numbers, credit card details, and employment details. Security expert Jacques Erasmus, a former hacker who now works for Prevx computer security firm, stated that the stolen data's volume and quality is extremely rare in the realm of hacked company databases available online for sale. Russian criminal groups specializing in cyber crime are already believed to be exploiting this information. In the wrong hands, this data can trigger a major crime wave across Europe.

The Consequences of the Data Breach

While Best Western closed the security breach promptly after being alerted by The Scottish Sunday, experts fear that those responsible for the attack are already using the seized information to carry out various criminal strategies. These include:

1. Fraudulent Purchases

Fraudsters equipped with customers' credit card numbers and expiration dates can make multiple high-value purchases in their victims' names and then sell the goods.

2. Identity Theft

The stolen data, when paired with home addresses and other personal details, can be used by organized crime groups specializing in identity theft to apply for loans, credit cards, and other financial agreements in the victims' names.

3. Burglaries

Since the compromised information includes future bookings, the criminals now have the ability to identify potential targets for burglaries by knowing local victims' home addresses and the dates they will be away from home.

The Method Behind the Hack

The precise details of the raid are difficult to track due to the nature of internet crime. However, The Scottish Sunday has learned that an Indian hacker, unfamiliar with cyber crime, managed to bypass the system's security software and implant a Trojan virus on one of Best Western's reservation machines. This allowed the hacker to collect and store the username and password of a staff member who logged into the compromised machine. Jacques Erasmus explained that large corporate companies often rely on anti-virus products for protection, but these products can only detect around 60% of existing threats. Skilled hackers can bypass these programs, as demonstrated in this case.

The Sale of Login Details

Once the stolen login details were secured, they were placed for sale on an underground website operated by a notorious branch of the Russian mafia specializing in internet crime. This website offers untraceable hosting services with no questions asked regarding criminal activity. Experts estimate that it would have taken less than an hour for someone to write and execute a simple computer program capable of extracting every record from Best Western's European reservation system. With an estimated eight million people staying in the hotel group's 86,375 continental rooms each year, those responsible for the breach now have access to bookings from 2007 to 2008. Considering that the average victim of internet crime loses £356 according to the FBI-sponsored Internet Crime Complaint Center, these criminals are potentially sitting on a haul of at least £2.84 billion.

Breach Mitigation and Investigation

After being informed about the breach by The Scottish Sunday, Best Western Hotels promptly closed the security vulnerability on Friday afternoon. The company is now working with its credit card partners to ensure appropriate procedural standards are met in order to protect its guests' interests. Best Western emphasized that its staff is fully aware of the seriousness of the attack and reassured customers that necessary actions are being taken. Concerned guests are advised to contact Best Western customer service at +001 800-528-1238.

Hotels and Data Security

The Best Western data breach is a concerning reminder of the vulnerabilities that hotels and other businesses face in the digital age. As technology continues to advance, cyber criminals are finding new ways to exploit security weaknesses and steal sensitive information. With the sheer number of guests staying at hotels worldwide, the potential impact of such breaches is significant.

The Importance of Robust Cybersecurity

Hotels must prioritize robust cybersecurity measures to protect both their guests' personal information and their own reputations. This includes investing in state-of-the-art encryption technologies, regularly updating security systems, and implementing comprehensive staff training programs to raise awareness about cyber threats and best practices for data protection.

The Role of Industry Regulations

Government regulations and industry standards for data security are also crucial in ensuring the safety of guest information. Hotel associations, local authorities, and international bodies should collaborate to establish and enforce strict regulations regarding data privacy and protection. Compliance with these regulations should be mandatory for all hotels, and regular audits should be conducted to ensure adherence.

Building Trust with Guests

Hotels need to be transparent about their data security practices and communicate their efforts to protect guest information effectively. This includes providing clear privacy policies, secure online booking platforms, and prompt notification in the event of a data breach. By prioritizing data protection and building trust with their guests, hotels can establish a competitive advantage in an increasingly digital and security-conscious world.

London

Manchester

Bournemouth

Chester

Haverfordwest

Spalding

Ruthin

Clapham (North Yorkshire)

Saltash

Camber

St Asaph

Framlingham

New York

Birmingham

Bristol

Cardiff

Nottingham

Bath

Southampton

Cambridge (Cambridgeshire)

Swansea

Weston-super-Mare

Stockport

Newquay (Cornwall)

Bradford (West Yorkshire)

Alderley Edge

Haslemere

Coalville

Wythenshawe

Thatcham

Beaulieu

Chipping Sodbury

March

Chagford

Alcester