http://www.theregister.co.uk/2006/06/01/ey_hotels_laptop/
By Ashlee Vance in Mountain View
1st June 2006
Exclusive - Ernst & Young's laptop loss unit continues to be one of the company's more productive divisions. We learn this week that the accounting firm lost a system containing data on 243,000 Hotels.com customers. Hotels.com joins the likes of Sun Microsystems, IBM, Cisco, BP and Nokia, which have all had their employees' data exposed by Ernst & Young, as revealed here in a series of exclusive stories.
The Register can again exclusively confirm the loss of the Hotels.com customer information after having received a copy of a letter mailed out jointly by the web site and Ernst & Young. A Hotels.com spokesman also confirmed the data breach, saying Ernst & Young notified the company of the laptop loss on May 3. The laptop in question was stolen from an Ernst & Young worker's car in Texas and did have some basic data protection mechanisms such as, erm, the need for a password.
"Recently, Hotels.com was informed by its outside auditor, Ernst & Young, that one of Ernst & Young's employees had his laptop computer stolen," Hotels.com told its customers in the letter. "Unfortunately, the computer contained certain information about customer transactions with Hotels.com, and other sites through which we provide booking services directly to customers, from 2002 through 2004.
"This information may have included your name, address and some credit or debit card information you provided at that time."
Ernst & Young in February lost one laptop that held information on what's believed to be tens of thousands of Sun, IBM, Cisco, BP and Nokia employees. It's not clear if this was the same system in the Hotels.com incident. Ernst & Young has not returned our calls seeking comment and has been reluctant to provide information on these incidents in the past.
Ernst & Young in February also lost four laptops in Miami when its workers decided to leave their systems in a hotel conference room while they went out for lunch.
Major media outlets have so far ignored the Ernst & Young laptop incidents, although they were quick to follow on our confirmation of a Fidelity data breach that saw 200,000 HP workers have their information exposed.
Ernst & Young offers a variety of security services to customers, and encourages clients to be transparent with their policies around customer data issues. The company, however, has not exactly been proactive with regard to its own issues. ®