Ernst & Young has lost a laptop containing the private details of 243,000 Hotels.com clients. The computer was stolen from a car belonging to one of the accounting firm’s employees. It has since been reported that Ernst & Young is taking measures to encrypt all the data on its portable computers. According to experts at InfoWatch, the company should have applied security measures long ago and risks doing irreparable damage to its reputation.
Ernst & Young's laptop loss unit continues to be one of the company's more productive divisions, The Register wryly notes. This time the auditor lost a laptop containing the private details of 243,000 Hotels.com clients. Hotels.com joins the likes of Sun Microsystems, IBM, Cisco, BP and Nokia, which have all had their employees' data exposed by Ernst & Young.
Late in May Ernst & Young and Hotels.com started notifying those affected. A representative of Hotels.com confirmed the data breach, saying Ernst & Young notified the company of the laptop loss on May 3. It was also revealed that the laptop in question was stolen from the car of an Ernst & Young employee in Texas. The only form of protection on the computer was a password, suggesting the thieves would be able to access the sensitive information fairly easily.
According to other sources, Ernst & Young has since decided to encrypt all confidential data on the firm’s laptops. This sort of step should have been taken long ago because the auditing company has already hit the headlines on a number of occasions after similar data breaches.
The letter sent out by Hotels.com states that the computer contained certain information about customer transactions with Hotels.com. It would appear then that along with their names, addresses and social security numbers, the victims’ credit card numbers have been stolen as well. This will significantly increase the value of the private data in the eyes of the criminal underworld. It also means there is a heightened risk of the Hotels.com clients falling victim to identity theft.
In February of this year Ernst & Young lost a laptop which contained confidential data on tens of thousands of Sun, IBM, Cisco, BP and Nokia employees. It is not clear if the same computer contained the Hotels.com data and Ernst & Young has been waiting since winter to go public.
“It is high time that the auditing firm started worrying about its reputation. The name of the company is appearing far too often in the press in the context of unpleasant data breaches. Considering the fact that Ernst & Young itself advocates the principles of security and transparency to its clients, it really ought to put its own house in order first and solve the problem of leaks and insiders,” says Denis Zenkin, marketing director at InfoWatch.
Source: The Register
