The Sunday Herald, a Scottish newspaper, has a report on what could end up being the largest heist in hospitality, if not cyber-space, annals.
According to the Herald, “An international criminal gang has pulled off one of the most audacious cyber-crimes ever and stolen the identities of an estimated eight million people in a hacking raid that could ultimately net more than £2.8billion ($5.16bn) in illegal funds”. The paper’s investigation revealed that a “previously unknown Indian hacker successfully breached the IT defences of the Best Western Hotel group’s online booking system and sold details of how to access it through an underground network operated by the Russian mafia”.
The paper notes that the “stolen data includes a range of private information including home addresses, telephone numbers, credit card details and place of employment”.
The hotel chain has stated that it has taken “immediate action to disable the compromised log-in account in question. We are currently in the process of working with our credit card partners to ensure that all relevant procedural standards are met, and that the interests of our guests are protected.”
While cyber-crime is not new, the methods almost always are. Best Western has likely closed the gap that enabled this crime, but hackers are constantly on the prowl with new, innovative methods for going after (usually) corporate websites. One way of keeping abreast of them is to attend DefCon, an annual gathering of hackers from all over the world. This year’s DefCon was held at the Riviera Hotel and Casino in Las Vegas with a menu of items that is of interest, ironically, to both knaves and knights. The events included seminars on topics such as “Analyzing Intrusions & Intruders; Disclosure and Intellectual Property Law: Case Studies; Vulnerabilities and The Information Assurance Directorate and Database Forensics.”
It is thanks to this gathering, among others, that the battle to thwart cyber-crime is largely won by the good guys. Tech departments in hospitality companies would do well to ensure their participation to minimize, if not eliminate, cyber-crimes.