Best Western: 1 Hotel, 1 Log-On, 10 Customers
This statement is intended to provide further detail on the largely erroneous story originated by The Sunday Herald newspaper in Scotland, concerning the breach of Best Western's Central Reservations System.
We can confirm that on August 21, 2008, three separate attempts were made via a single log-on ID to access the same data from a single hotel. The hotel in question is the 107-room Best Western Hotel am Schloss Kopenick in Berlin, Germany, where a Trojan horse virus was detected by the hotel's anti-virus software. The compromised log-in ID permitted access to reservations data for that property only. The log-in ID was immediately terminated, and the computer in question has been removed from use.
We can also confirm that we have been able to narrow down the number of customers affected by this breach to ten. We are currently contacting those customers and offering assistance as needed.
We are working with the FBI and international authorities to investigate further.
Points of note:
- The compromised user ID permitted access only to the reservations at a single hotel, and there is no evidence of unauthorized access to data for any other Best Western hotel.
- Best Western purges reservations data within seven days of guest departure, thereby limiting potential data exposure to (1) guests who departed up to one week prior to the exposure; (2) current guests; and (3) future guests of that particular hotel.
- There is no evidence of any unauthorized access to any other customer data.