On Tue, 26 Aug 2008, Tim Trent wrote:
> Late last night I picked up another part of this story where Best Western
> states that the breach only affected 13 people.
Best Western UK website has a link to their statement which gives their
version of events ("don't panic, crap journalism" would be a summary).
Jethro.
>
> Two things strike me:
>
> "Only?" 13 is still 13 too many for a competently run database.
>
> And I'm wondering if this was just puffery on behalf of the newspaper that
> broke the story.
>
> Time will tell.
>
> Tim Trent wrote:
> > I picked this up over the weekend:
> >
> > BEGINS
> > An unknown Indian hacker is being 'charged' with the greatest cyber-heist in
> > history for allegedly helping a criminal gang steal identities of an
> > estimated eight million people in a hacking raid that could ultimately net
> > more than 2.8 billion pounds in illegal funds.
> >
> > An investigation by Scotland's Sunday Herald newspaper has discovered that
> > late on Thursday night a previously unknown Indian hacker successfully
> > breached the IT defences of UK's Best Western Hotel group's online booking
> > system and sold details of how to access it through an underground network
> > operated by the Russian mafia.
> >
> > There are no details yet on how the hacker was identified to be an Indian
> > and if a probe is on to identify the person. It is also not known if the
> > hotel chain has alerted the police about the heist.
> > ENDS
> >
> > I love the word "charged" in this context, since it means precisely nothing,
> > at least from the way the article is written.
> >
> > It looks as if 8 million data records with full credit card details and home
> > addresses and phone numbers have been allowed to escape into the wild. That
> > can't be good news.
> >
> > There is a link to the main article from
> > http://complianceandprivacy.com/News.asp where I've also covered a story
> > about Viet Nam's new anti spam laws and an interesting conference in The
> > Philippines which says that they absolutely need data privacy laws if they
> > want to be a Business Process Outsourcing centre of excellence. Not that it
> > stopped India, did it?
> > --
> > ------------------------------------------------------------------------
> >
> > *Tim Trent* - Consultant
> > */Tel/*: +44 (0)7710 126618
> > */web/*: ComplianceAndPrivacy.com <http://complianceandprivacy.com> - where
> > busy executives go to find the news first
> > */personal blog/*: timtrent.blogspot.com/ <http://timtrent.blogspot.com/>
> >
> > Marketing by Permission
> > <http://feeds.feedburner.com/%7Er/MarketingByPermission/%7E6/1>
> >
> > *Important*: This message is private and confidential. If you have received
> > this message in error, please notify us and remove it from your system. This
> > email and any attachment(s) are believed to be virus-free, but it is the
> > responsibility of the recipient to make all the necessary virus checks. This
> > email and any attachments to it are copyright of Meadowood Associates,
> > owners of Compliance And Privacy, unless otherwise stated. Their copying,
> > transmission, reproduction in whole or in part may only be undertaken with
> > the express permission, in writing, of Meadowood Associates, at Meadowood
> > House, 30 Redditch, Bracknell, Berkshire, RG12 0TT.
> >
> > ------------------------------------------------------------------------
> >
> > All archives of messages are stored permanently and are available to the
> > world wide web community at large at
> > http://www.jiscmail.ac.uk/lists/data-protection.html
> >
> > ------------------------------------------------------------------------
>
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Jethro R Binks
Computing Officer, IT Services
University Of Strathclyde, Glasgow, UK