Laptop Theft Exposes 243k Credit Cards

The theft of a laptop out of an Ernst & Young employee's car has turned into a massive data breach affecting hundreds of thousands of users of the travel-booking site Hotels.com. Altogether, the names and credit card data of some 243,000 customers have been compromised.

Ernst & Young is the auditor for Hotels.com, thus the company said the employee was within his rights to have possession of the data. Although it believes the incident was merely a car theft, the company is taking steps to prevent future thefts from occurring.

The data was password-protected, but not encrypted. A spokesperson for the company says that as of Wednesday, that policy will change. All computers will now come with encryption software, and sensitive data would be encrypted as well as password protected.

No evidence of identity theft has appeared as a result of the theft. Ernst & Young is also working with Hotels.com to inform those whose personal data was included in the file.

News reports indicate that this is not the first time the accounting firm had lost laptops filled with data. A February article in The Register UK reported that Ernst and Young had lost a laptop with the personal data of employees from Sun Microsystems, Cisco Systems, BP (formerly British Petroleum), and IBM. The firm only disclosed the loss after it was queried on the issue by a Register reporter.

It was rumored that the data even included the social security number of former Sun CEO Scott McNealy, although the firm would not confirm the report.