Hotels.com is warning nearly a quarter-million customers that they may have had their credit card numbers stolen, following the theft of an unencrypted laptop belonging to the travel website’s auditor, Ernst & Young Global.
The laptop was stolen in late February after an Ernst & Young employee left it inside a locked vehicle, according to Hotels.com Senior Compliance Officer Cathy Bump. Ernst & Young notified Hotels.com of the theft on May 3, and after determining which customers were affected by the data breach, the two companies began sending out letters last week notifying approximately 243,000 customers of the theft.
The laptop contained names, addresses, and credit or debit card information, mostly related to Hotels.com transactions that occurred in 2004, although some customers who made purchases in 2003 and 2002 were also affected.
The computer was stolen somewhere in Texas, though Bump would not name the city where the theft occurred. Hotels.com, which is owned by Expedia, is based in Dallas.
The combination of tough data breach-notification laws and stolen laptops is keeping compliance officers such as Bump very busy these days. Last month, the U.S. Department of Veterans Affairs reported that a stolen laptop and external hard drive were to blame in the loss of sensitive information on 26.5 million U.S. veterans. And Fidelity Investments lost confidential information on nearly 200,000 Hewlett-Packard employees earlier this year under similar circumstances.
There is no indication that the thief was trying to steal sensitive information, and there have been no indications to date that the stolen information has been misused, said Ernst & Young spokesman Ken Kerrigan.
Since the theft, however, Ernst & Young has encrypted data on all laptops within its U.S. and Canadian operations, Kerrigan said.
Ernst & Young is offering one year’s free credit monitoring to all Hotels.com customers affected by the breach.
-Robert McMillan, IDG News Service
For related news coverage, check out our Special Report: VA Data Theft.
Check out our CIO News Alerts and Tech Informer pages for more updated news coverage.