E&Y Gaffe Exposes Hotels.com Customer Info

The theft of an auditor's laptop has put the data of some 243,000 Hotels.com customers into the hands of unknown criminals.

Hotels.com and auditors at Ernst & Young are warning consumers of an incident that may have exposed the personal data of roughly 243,000 customers of the online travel site.

According to the two companies, an Ernst & Young auditor working with the Hotels.com customer information had stolen from his car a laptop computer that was carrying the data, which included individuals names and credit card numbers. Both Hotels.com, which is owned by online travel conglomerate Expedia, and Ernst & Young have contacted customers whose information was on the stolen device.

/zimages/4/128936.gifTo listen to the UpFront podcast on data theft, click here.

"The security and confidentiality of our client information is of critical importance to Ernst & Young, and we regret any inconvenience or concern this incident may have caused Hotels.com and their customers," Ernst & Young said in a statement.

Expedia spokespeople didnt immediately return calls seeking comment on the data theft.

The Hotels.com customer data breach is the latest in a string of high-profile incidents in which well-known organizations have seen their public images tarnished by embarrassing mishandlings of consumer data.

In May, the United States Department of Veterans Affairs reported that the personal information of as many as 26.5 million veterans was exposed after a break-in to an employees home.

/zimages/4/28571.gifClick here to read more about the theft of veterans personal data.

In a situation very similar to the Hotels.com theft, financial services giant Fidelity Investments reported in mid-February that a laptop containing the personal information of almost 200,000 Hewlett-Packard employees was stolen from an employees car. The Boston-based retirement investment specialist said that the laptop contained the personal data of some 196,000 participants in HPs retirement plans that had been put on the machine for a meeting.

In January, the Federal Trade Commission levied $15 million in fines against ChoicePoint, an aggregator of consumer data whose lax procedures for disclosing personal information to other companies helped touch off a firestorm of attention around the issue. The FTC had charged ChoicePoint with violating the Fair Credit Reporting Act, among other issues.

The company was forced to report that fraudsters had tricked it into revealing the information of some 163,000 individuals under a 2003 California law requiring companies to disclose such data breaches. As a result, many other U.S. states have passed or are considering similar regulations.

/zimages/4/28571.gifCheck out eWEEK.coms for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at eWEEK.com Security Center Editor Larry Seltzers Weblog.