AlertBoot offers a cloud-based full disk encryption and mobile device security service for companies of any size who want a scalable and easy-to-deploy solution. Centrally managed through a web based console, AlertBoot offers mobile device management, mobile antivirus, remote wipe & lock, device auditing, USB drive and hard disk encryption managed services.

AlertBoot Endpoint Security

Database File Encryption Present In Best Western Hack According To The Company

A data breach affecting over 8 million Best Western customers was reported over the weekend by the Sunday Herald, a newspaper in Glasgow, Scotland. The Best Western hotel chain released a statement earlier today saying that the claim is “grossly unsubstantiated.” The company has also listed a number of methods they’ve used to protect customer information, and has noted that they use encryption to protect credit card information both in their databases (data at rest) and while it moves through their networks. Those are magic words to my ears. It doesn’t mean that a data breach cannot occur—after all, the hacker got into their system. Who knows if he installed packet sniffers and whatnot, and managed to record the password to decrypt the information, right?

 

But, this is a company that has implemented at least an important facet of data security.  Here’s a list of what else they’ve implemented:

 
  • Secure network that is protected with firewalls
  • Strong information security policy
  • Credit card numbers are collected to process reservations only
  • Restricted access to sensitive data, like the credit card numbers above
  • Use of encryption (already noted) on the same data
  • DELETION of credit card information and all other personal information upon guest departure
 

Supposedly, Best Western does this to be in compliance with PCI DSS.  That last bullet point implies that customer data going all the way back to 2007 couldn’t have been part of the data breach, as reported by the Sunday Herald, unless Best Western has 8 million guests who’ve been staying with them for eight months, which I’d find impossible and weird.  I mean, their rooms are OK, but they’re not the penthouse at the Four Seasons…

 

What I do find weird, though, is also the last point.  If they actually delete all personal information, how do they keep track of their customers?  Isn’t the hospitality industry famous—perhaps even notorious—for keeping track of customers?

As with the TJX case before, it will take time to figure out the extent of the breach. So far, Best Western has admitted that only 13 customers have been affected by the network intrusion. If the Glasgow newspaper has its facts right—again, a point severely contested by Best Western—the number can only go up from here. But if they’ve put as much effort into securing their data as they say—including the use of file encryption like AlertBoot to protect the content of their servers—I’m willing to bet that the hotel chain has things under control (as opposed to other businesses that wish they had things under control...and leave it at that).

Related Articles:

http://www.sundayherald.com/news/heraldnews/display.var.2432225.0.revealed_8_million_victims_in_the_worlds_biggest_cyber_heist.php

http://www.informationweek.com/news/security/attacks/showArticle.jhtml?articleID=210200550&subSection=News

http://www.marketwatch.com/news/story/best-western-responds-sunday-herald/story.aspx?guid={A87F9682-AC67-4803-A135-B6ACF42C0956}&dist=hppr

 
About sang_lee

Sang Lee is a Senior Account Manager and Security Analyst with AlertBoot, Inc., the leading provider of managed endpoint security services, based in Las Vegas, NV. Mr. Lee helps with the deployment and ongoing support of the AlertBoot disk encryption managed service. Prior to working at AlertBoot, Mr. Lee served in the South Korean Navy. He holds both a B.S. and an M.S. from Tufts University in Medford, Massachusetts, U.S.A.