Security in Context: The BeyondTrust Blog

Welcome to Security in Context

Bringing you news and commentary on solutions and strategies for protecting critical IT infrastructure in the context of your business.

Identity Thief Irene Hijacks Customer Database At Travelodge

Posted August 15, 2011    Peter McCalister

I introduced you to Identity Thief Irene as an archetype for the type of insider villain who may already be infiltrating your extended enterprise a couple of weeks ago and guess what? Almost every day I see an article that represents “Irene” as manifesting in another company with some measurable harm that was newsworthy.

The latest set of articles I found refer to Travelodge UK who had the very embarrassing requirement to send out letters to their registered customer base apologizing for the recent bout of spam they were receiving because a critical database was hacked. The company’s twitter feed stated that they “had not sold customer records, meaning that the data breach was likely to have been the result of a cyber attack.” reported that the letter, signed by Gary Parsons, the CEO of Travelodge said, “Our main priority is to ensure the security of our customers’ data, which is why I wanted to make you aware, that a small number of you may have received a spam email via the email address you have registered with us.”
“Please be assured, we have not sold any customer data and no financial information has been compromised.”

If you have anyone in your organization with excessive privileges (root on unix/linux servers or Admin on Windows desktops) then you run the risk of an outside hacker like “Irene” hijacking those credentials and gaining access to critical information assets. It is also important to have an in-place Database Activity Monitoring solution to log who is touching these assets and what they are doing in order to quickly remediate harm.

Leave a Reply

Additional articles


Retina CS Vulnerability Management Solution Gets Primetime Award for Innovation

Posted October 12, 2015    Sandi Green

Analyst firm Frost & Sullivan presented BeyondTrust with the 2015 award for ‘Best Practices in Enabling Technology Leadership in the Vulnerability Management Industry.

, ,

Answering the age-old question, ‘What’s plugged into my network?’

Posted October 9, 2015    Alejandro DaCosta

“What’s plugged into my network?” is a question I hear frequently from security administrators. And, really, it’s no surprise why. No longer do we have to account just for the physical servers in our datacenters, workstations and a few network devices. Now we need to keep track of roaming laptops, dynamic virtual systems, off-site cloud deployments and BYOD.


Closing the Vulnerability Gap

Posted October 7, 2015    Brian Chappell

Managing vulnerabilities is a significant challenge for many organizations. The main difficulties with managing this manifest in two key areas. The first is that the list isn’t static. The second is priority.