Best Western Hotels Cyberhacked: 8 million victims

Now this is a scoop – and well done to Iain S Bruce for getting the tale: today’s Sunday Herald reveals theft of data from every guest in 1300 Best Western Hotels in the past 12 months, which was gathered by an Indian hacker and sold on to a Russian group

Not only is it a cracking tale, but it shows that in this day and age you can pull in a good scoop from contacts across the globe – as long as you have the paper willing to back you on it. Contacts are no longer just people you meet down the road.

Secondly, that’s a company that should be going on the PR offensive as of tomorrow to try and reassure customers/win customers over.

In fact, knowing that a Sunday paper was running this stuff, they should have had their PR team on it from Thursday night, countering the bad press before it was even out there. (having four days to fight a negative story is an absolute gift in PR terms.)

The first phase should have been culminating with efforts today and tomorrow, monitoring websites – and putting up reactions to every posting, getting praise out there about their IT systems, pointing out that the flaw is well fixed, talking about their aggresive system to find other flaws so that this doesn’t happen again (if they were feeling really brave, they should say to hackers ‘ find a flaw, tell us about it and have a week’s stay at a hotel of your choice).

They should also be informing all their high-profile businesses – both the individuals and the companies – and making sure they reasure them enough not to lose their bookings.

(Phase two, for those wondering, is a lot more work: continually making sure the story is always countered when it appears and keeping tabs on the customers aggreived by this.)

This is where companies baffle me in the 21st Century. You know from Thursday that there’s some bad press coming, but Best Western Hotels appears to have done nothing about it. I can understand why they wouldn’t want to mention it on their front page, but not to have something on the news page is inforgivable in this day and age.

And this is the problem: in this age of being supposedly “open” about everything, some will wonder why they aren’t being upfront with customers. I know I wouldn’t stay with them now – for two reasons: one, the data security issue, but equally, two: I wonder what else the company aren’t telling me if they aren’t telling me about this? There may be nothing (and the company is very reputable and praised), but the doubt has now been put in my head and that’s enough for me to think twice about staying with them.

This is a bad story – for Best Western Hotels – but with some PR savvy (hitting the IT press, business press, consumer and travel publications, relevant bloggers), they could have come out of this quite well and with minimum business impact. You could never have killed the story (and to be fair they have worked well with the Sunday Herald on this one – and they did close the loophole) but they could have come out of it a lot more PR positive and aggresively (in a nice way).

ADD: I see the Press Trust of India has picked the tale up, on the Indian hacker connection. Looks like the tale’s going global.

If Best Western Hotels had been hoping they could sit this one out or that it might be confined to Scotland (you’d be surprised how many companies think that way – ignore the tale and it might not spread) then they were wrong. Going to be a busy Monday for their PR team (though you would hope they were on it today and had pre-recorded audio and video to issue to news outlets).

ADD 2: Paul Ferguson’s blog all the way over in Sunny Silicon Valley, California has the Best Western Hotels story as well, so that’s people blogging on it across a chunk of the globe with news outlets picking it up too. Ouch.

ADD 3: The .co.uk website has a little piece on their front page – nothing on the .com page though – but it’s little more than a basic statement. From the viewpoint of a potential customer, I’m sorry but that’s not good enough as it doesn’t provide enough information.

From a PR viewpoint, it’s hardly reassuring either – especially as the story made Slashdot and more than 200 other news outlets across the globe. That story has now potentially hit the majority of the world and there’s been little response. A poor show and easily preventable – especially as the forums show questions being asked that the company could easily have taken care of.

UPDATE (Tues Aug 26): In the interests of fairness, I should point out that Best Western have now responded .