BreachExchange mailing list archives
Re: Best Western Response
From: "Domonick T. Weaver" <dweaver81 () earthlink net>
Date: Mon, 25 Aug 2008 07:15:39 -0400
On Sunday 24 August 2008 22:39:47 jkouns wrote:
http://www.marketwatch.com/news/story/best-western-responds-sunday-herald/story.aspx?guid={A87F9682-AC67-4803-A135-B6ACF42C0956}&dist=hppr

Best Western Responds to Sunday Herald Story Claiming Security Breach

Hotel Chain Asserts No Evidence to Support Sensational Claims

Last update: 6:37 p.m. EDT Aug. 24, 2008

PHOENIX, Aug 24, 2008 (BUSINESS WIRE) -- The story printed in the Sunday, August 24, 2008, Glasgow Sunday Herald claiming a security breach of Best Western guest information is grossly unsubstantiated. Claims reported about our Central Reservations customer records are not accurate.

We at Best Western take the confidentiality of our customers' personal information very seriously. The Sunday Herald reporter brought to our attention the possible compromise of a select portion of data at a single hotel; we investigated immediately and provided commentary. Best Western would have welcomed the opportunity to fact-check the story, which would have resulted in more accurate and credible reporting on the part of the newspaper.

We have found no evidence to support the sensational claims ultimately made by the reporter and newspaper. Most importantly, whereas the reporter asserted the recent compromise of data for past guests from as far back as 2007, Best Western purges all online reservations promptly upon guest departure.

Best Western is committed to safeguarding the confidential information of our guests. We comply with the Payment Card Industry (PCI) Data Security Standards (DSS). To maintain that compliance, Best Western maintains a secure network protected by firewalls and governed by a strong information security policy.

We collect credit card information only when it is necessary to process a guest's reservation; we restrict access to that information to only those requiring access and through the use of unique and individual, password-protected points of entry; we encrypt credit card information in our systems and databases and in any electronic transmission over public networks; and again, we delete credit card information and all other personal information upon guest departure.

We regularly test our systems and processes in an effort to protect customer information, and employ the services of industry-leading third-party firms to evaluate our safeguards. PCI requires the periodic evaluation, testing, and re-certification of compliance. To that end, our most recent internal review was conducted in August 2008, as was our most recent external test and review. Both evaluations showed Best Western to be compliant with PCI DSS.

Best Western would like to assure our customers, member hotels and business partners that we have no evidence to suggest that there is need for widespread concern. As a precautionary measure, now and always, we advise guests to review their credit card statements closely, and we will of course continue to comply with PCI standards going forward.

Customer inquiries should be directed to our US customer service team at 800 528-1238

SOURCE: Best Western International

Best Western International
Troy Rutman, 00 + 1 +602.578.0086 (mobile)
00 + 1 +602.957.5668 (office)
Troy.Rutman () bestwestern com

_______________________________________________
Dataloss Mailing List (dataloss () attrition org)
http://attrition.org/dataloss

Tenable Network Security offers data leakage and compliance monitoring solutions for large and small networks. Scan your network and monitor your traffic to find the data needing protection before it leaks out!
http://www.tenablesecurity.com/products/compliance.shtml

I just want to know this: if they purge the data in their system so often, then how come I can call Best Western and make a reservation on my Visa card, without informing them of the number? and I haven't slept in a Best Western in 5 years? hmm....go figure!