The European operation of the Best Western hotel chain has become the victim of a massive cyber-theft attack. By placing a “keylogger” on a corporate computer connected to their reservations system, a whopping 8 million customer records were stolen. Included in the records are names, address, phone number, credit card numbers and employment information.
The records were stored for every single customer who stayed at one of 1300 European Best Western hotels since 2007. The Sunday Herald reports that the theft was carried out by an Indian hacker, who then put the information up for sale on an underground web site, operated by the Russian Mafia. The entire story sound like it was copied right out of a spy novel.
The whole thing is extremely embarrassing for Best Western, who have handed control of their European computer operations over to their American colleagues. According to a UK based Best Western spokesperson, the company is “taking appropriate action”. Of course, none of this will be of any use to people who have lost their information, and credit card companies might have no other option than to issue millions of new cards to victims of this theft.
If you stayed at a Best Western hotel in Europe in the past year, you may want to contact your credit card provider, and keep a close eye out for trasnactions you did not approve.
Source: Sunday Herald (via Slashdot), Image from Flickr.
UPDATE: Best Western have conducted an internal investigation and “found no evidence of 8 million stolen records” (PDF file). I’m sure time will tell whether this was all all elaborate hoax by an amateur hacker.