News

Inn Software Breach - How It Affects Us

Scotland’s Sunday Herald newspaper has an exclusive report that the Best Western hotel chain has lost the personal details of each and every guest who has stayed at any of its 1300 hotels in the past 12 months. This amounts to details on 8 million customers and includes information such as name, address and credit card details. The data clearly would also include future booking details, causing speculation in some blogs that homes could be targeted for burglary when it’s anticipated they will be unoccupied.   According to Albanach a Best Western spokesperson is quoted as saying ‘Best Western took immediate action to disable the compromised log-in account in question. We are currently in the process of working with our credit card partners to ensure that all relevant procedural standards are met, and that the interests of our guests are protected.

New reports on Wired are saying that this is incorrect and that only 10 customers data was comprimised and that these customers were notified and the situation is being addressed.

Of course, this raises some good points for our industry.  What do you do with your customers credit card and personal data?  Are you using a central or web based service to collect that data?  Do you know how they are handling the information?  Are you storing it on your own computer at the inn?  Do you purge credit card data after the stay?

A search around didn’t turn up any best practices for the industry - but I would say that at a minimum inns should be taking the following precautions:

• Store credit card information only as long as necessary to secure the stay.  Destroy or purge this information when the stay is complete.
• If you use online reservation systems, be sure that the data is handled the same way, stored only as long as necessary and purged at checkout.
• If you use a local computer program (something installed on your computer at the inn) be sure that some simple “firewall” at the minimum is installed so that other computers cannot access your files.  This becomes even more important as inns add wireless networks and public access computers.
• Never transmit your guest credit card information over email.

Are there any other tips you would suggest to be sure that our industry keeps on top of securing our customers data?

© 2008 innkeeping.org.