A laptop was stolen in late February. It belonged to an Ernst & Young auditor and contained approximately 243,000 consumer’s names, addresses and credit card numbers from 2004 (some possilby from 2003 and 2002).
So why wasn’t Hotels.com notified of the loss until May 3rd? Does it take more than two full months to notify a client that their customers credit information has been stolen?
Full story at Customer Data in Jeopardy After Hotels.com Security Breach.
2 responses so far ↓
1 Paula // Jun 6, 2006 at 12:13 pm
This is really cynical, but… We are now hearing a lot about
“theft” of personal information. Could it be a behind the scenes
way to “acquire” personal information when a request by national
security letters for the information would not allow for plausible
denial. Not that there is a recourse any longer to investigate,
for those brave enough to pursue, they are being stopped in their
tracks. :(
2 chow-stl // Jun 6, 2006 at 1:48 pm
While plausable, I dont know if Paula’s scenario is the case. Me thinks that hotels.com probably made an attempt to recover the laptops in the hopes that it would recover the data without having to inform customers. What baffles me is why such critical information was on a laptop to begin with. And why it was not, at the very least, encrypted. There are decent methods of encryption availible. While there are federal regulations which don’t allow you to, in effect, have ecryption on par with the goverments encryption. At the very least, encryption will slow down attempts to retrive data long enough to prevent its exploitation from concerned customers. While I dont have a credit card (several klaxons would sound off at the bank would I ever apply for credit due to the slim possiblity that the bank officer may have gone suddenly blind while reviewing my application) I think I would have a practice of changing my credit card number every year or so, just so that old CC#’s dont get exploited.
Best Regards.
Leave a Comment