Canadian Privacy Law Blog

The Canadian Privacy Law Blog: Developments in privacy law and writings of a Canadian privacy lawyer, containing information related to the Personal Information Protection and Electronic Documents Act (aka PIPEDA) and other Canadian and international laws.

Privacy Law Blog Privacy Resources Privacy Articles Privacy Calendar Contact Info/Profile Useful Links Travel Resources

Search this blog

Recent Posts

On Twitter

About this page and the author

The author of this blog, David T.S. Fraser, is a Canadian privacy lawyer who practices with the firm of McInnes Cooper. He is the author of the Physicians' Privacy Manual. He has a national and international practice advising corporations and individuals on matters related to Canadian privacy laws.

For full contact information and a brief bio, please see David's profile.

Please note that I am only able to provide legal advice to clients. I am not able to provide free legal advice. Any unsolicited information sent to David Fraser cannot be considered to be solicitor-client privileged.

David Fraser's Facebook profile

Privacy Calendar

Archives

Links

Subscribe with Bloglines

RSS Atom Feed

RSS FEED for this site

Subscribe to this Blog as a Yahoo! Group/Mailing List
Powered by groups.yahoo.com

Subscribe with Bloglines
Add to Technorati Favorites!

Blogs I Follow

Small Print

The views expressed herein are solely the author's and should not be attributed to his employer or clients. Any postings on legal issues are provided as a public service, and do not constitute solicitation or provision of legal advice. The author makes no claims, promises or guarantees about the accuracy, completeness, or adequacy of the information contained herein or linked to. Nothing herein should be used as a substitute for the advice of competent counsel.

This web site is presented for informational purposes only. These materials do not constitute legal advice and do not create a solicitor-client relationship between you and David T.S. Fraser. If you are seeking specific advice related to Canadian privacy law or PIPEDA, contact the author, David T.S. Fraser.

Monday, August 25, 2008

Hackers target hotel chain and swipe details of all guests from the past year 

This is simply staggering, but a harbinger of things to come I am sure:

The Sunday Herald - Scotland's award-winning independent newspaper

Revealed: 8 million victims in the world's biggest cyber heist

EXCLUSIVE: Sunday Herald uncovers theft of data from every guest in 1300 Best Western Hotels in past 12 months

By Iain S Bruce

AN INTERNATIONAL criminal gang has pulled off one of the most audacious cyber-crimes ever and stolen the identities of an estimated eight million people in a hacking raid that could ultimately net more than £2.8billion in illegal funds.

A Sunday Herald investigation has discovered that late on Thursday night, a previously unknown Indian hacker successfully breached the IT defences of the Best Western Hotel group's online booking system and sold details of how to access it through an underground network operated by the Russian mafia.

It is a move that has been dubbed the greatest cyber-heist in world history. The attack scooped up the personal details of every single customer that has booked into one of Best Western's 1312 continental hotels since 2007.

Amounting to a complete identity-theft kit, the stolen data includes a range of private information including home addresses, telephone numbers, credit card details and place of employment....

Thanks to the ever-vigilant Rob Hyndman for the link.

Labels:

8/25/2008 08:41:00 AM  :: (4 comments)  ::  Backlinks
Comments:
Makes one want to use cash and adopt a different alias for everything we do.
# posted by Anonymous David Canton : August 25, 2008 9:50 AM
 
Best Western quickly expressed its objection to the story, assuring readers that "Best Western purges all online reservations promptly upon guest departure." That was on Monday, August 25 2008 @ 02:03 PM EDT.

At 06:45 PM EDT the same day, Best Western said, "Best Western purges reservations data within seven days of guest departure,..."

Gotta wonder which version is closer to the truth.
# posted by Anonymous Anonymous : August 26, 2008 1:01 PM
 
David: Best Western says only 10 records were compromised, not the 8 million reported by the Sunday Herald. Data security investigations are complex, and they require patience. As we learned from the TJX experience, it is easy for the press and for authorities to over-react. --Ben http://legal-beagle.typepad.com/wrights_legal_beagle/2008/08/credit-card-iss.html
# posted by Blogger Ben Wright : August 29, 2008 10:59 AM
 
whooo. This is very alarming to all of us. Considering that you'll be hacked for just using a room of a hotel. All your personal data will be steal. The hotel management should do something about it.
# posted by Anonymous Perth Hotels : December 14, 2009 1:42 PM
 
Post a Comment

Links to this post:

Create a Link

This page is powered by Blogger. Isn't yours? Creative Commons License
The Canadian Privacy Law Blog is licensed under a Creative Commons Attribution-Noncommercial-No Derivative Works 2.5 Canada License. lawyer blogs