The actual scope of the Best Western data breach is open to speculation. The Sunday Herald scoop was that "stolen login details were ... put up for sale and shared on an underground website operated by a notorious branch of the Russian mafia ... Once the information was online, experts estimate that it would take less than an hour to write and run a software bot ... capable of harvesting every record on Best Western's European reservation system". The company disputes this account. It says there was "some evidence" of unauthorised access to customer data by someone using a valid employee username and password, but that the compromise was limited to a single property, and that the total number of potentially affected customers was 115.
There are some messages for all of us to take home from this incident.
– The press and blogging community will be quick to latch onto speculation about data breaches, and news will spread fast. Having a good incident response and communication plan is essential, because any message your organisation puts out will be analysed and pulled apart. For instance: how can they be sure only 115 records were compromised? It is a very precise number, and a figure like that is only credible if it is backed by audit logs showing exactly which records the compromised account touched, over what period. If you cannot produce that evidence, say so rather than quote a number you cannot defend.
– The report that the account was compromised because of malware on a PC has not been disputed. It is a good opportunity to remind employees to be vigilant, and for network teams to double-check that all servers, devices and desktops are patched and up to date. Bear in mind, though, that patching alone does not stop an attacker who already holds a valid username and password: once credentials are stolen, the abuse looks like a legitimate login, so the reservation system itself needs to log and flag unusual use of valid accounts (odd hours, unfamiliar locations, unusually high volumes of record access). Use this incident as an example of what can go wrong.
– We obviously don't know how the Trojan code got onto the compromised device. Perhaps the anti-virus signatures weren't up to date; it may have been previously unseen malware exploiting an unpatched or unknown vulnerability; or it may have been deliberately installed by a malicious company employee. Each of those has a different remedy, which is why establishing the initial infection vector matters as much as counting the affected records.
– Don't downplay the value of the data your own business holds. Given the opportunity, criminals will steal it and trade it.
Whether or not Best Western has been the subject of one of the most audacious cyber-crimes ever, this incident serves as a timely reminder that attackers are still after our systems, and that a single stolen employee credential can be enough to get them in.