LAST TIME I USE HOTELS.COM djf Ernst & Young laptop loss exposes 243,000 Hotels.com customers

[David Farber <dave () farber net>]

Begin forwarded message:

From: Ari Ollikainen <Ari () OLTECO com>
Date: June 2, 2006 12:00:22 PM EDT
To: dave () farber net
Subject: Ernst & Young laptop loss exposes 243,000 Hotels.com customers

        E&Y seems to have a very casual approach to protecting customer
        data when it comes to laptops...

Original URL: http://www.theregister.co.uk/2006/06/01/ey_hotels_laptop/

Ernst & Young laptop loss exposes 243,000 Hotels.com customers
By Ashlee Vance in Mountain View
Published Thursday 1st June 2006 23:14 GMT

Exclusive Ernst & Young's laptop loss unit continues to be one of the
company's more productive divisions. We learn this week that the
accounting firm lost a system containing data on 243,000 Hotels.com
customers. Hotels.com joins the likes of Sun Microsystems, IBM,
Cisco, BP and Nokia, which have all had their employees' data exposed
by Ernst & Young, as revealed here in a series of exclusive stories.

The Register can again exclusively confirm the loss of the Hotels.com
customer information after having received a copy of a letter mailed
out jointly by the web site and Ernst & Young. A Hotels.com spokesman
also confirmed the data breach, saying Ernst & Young notified the
company of the laptop loss on May 3. The laptop in question was
stolen from an Ernst & Young worker's car in Texas and did have some
basic data protection mechanisms such as, erm, the need for a
password.

"Recently, Hotels.com was informed by its outside auditor, Ernst &
Young, that one of Ernst & Young's employees had his laptop computer
stolen," Hotels.com told its customers in the letter. "Unfortunately,
the computer contained certain information about customer
transactions with Hotels.com, and other sites through which we
provide booking services directly to customers, from 2002 through
2004.

"This information may have included your name, address and some
credit or debit card information you provided at that time."

Ernst & Young in February lost one laptop that held information on
what's believed to be tens of thousands of Sun, IBM, Cisco, BP and
Nokia employees. It's not clear if this was the same system in the
Hotels.com incident. Ernst & Young has not returned our calls seeking
comment and has been reluctant to provide information on these
incidents in the past.

Ernst & Young in February also lost four laptops in Miami
(http://www.theregister.co.uk/2006/02/26/ey_laptops/) when its
workers decided to leave their systems in a hotel conference room
while they went out for lunch.

Major media outlets have so far ignored the Ernst & Young laptop
incidents, although they were quick to follow on our confirmation
(http://www.theregister.co.uk/2006/03/22/fidelity_laptop_hp/) of a
Fidelity data breach that saw 200,000 HP workers have their
information exposed.

Ernst & Young offers a variety of security services to customers, and
encourages clients to be transparent with their policies around
customer data issues. The company, however, has not exactly been
proactive with regard to its own issues.
--

            +------------------------------------------------------+
            |If the lessons of history teach us anything it is that|
            |nobody learns the lessons that history teaches us.    |
            +------------------------------------------------------+



-------------------------------------
You are subscribed as lists-ip () insecure org
To manage your subscription, go to
 http://v2.listbox.com/member/?listname=ip

Archives at: http://www.interesting-people.org/archives/interesting-people/