If you have and if you reserved the room via the online reservation system then be prepared for possible credit card fraud :
http://www.sundayherald.com/news/heraldnews/display.var.2432225.0.0.phpIgnoring the inflated figures, this is bad. Really bad. I've seen what's on MemberWeb (that's what hotels call it) and it would indeed be possible to put together "burglary packs" as The Herald calls them. ID theft? In some instances yes, no problem as there will be passport/visa numbers, DoB, bank account numbers, addresses, flights etc etc. CC fraud? Trivial and everything is there to do cardholder not present transactions.
It shouldn't be possible for staff from one hotel to modify another hotels booking (BW hotels are independently owned, not a chain) but it is so there's no real separation, which is how I assume one login harvested that many records.
The only surprise is that it needed a trojan to steal the password. The staff usually can't remember the alphanumeric case-sensitive passwords so they have it written down somewhere - on the wall, in plain view in one hotel I was in
I do hope that this is just the European database rather than the UK database which has been compromised. Now perhaps the wisdom of SecurID keyfobs or similar might become clear. Then again who's going to pay for that?
Edit - I've recommended to people for some time now that you have a throwaway card for hotels. There are prepay ones now which are ideal for this.
