UPDATED: Hotel booking site Hotels.com has begun sending out letters to some 243,000 customers whose names and credit card numbers were on a laptop stolen from an employee of Ernst & Young, the accounting firm.
The computer was stolen from the locked trunk of the Ernst & Young employee’s car in a Texas parking lot in late February, Hotels.com said.
After reconstructing what data was on the machine, Ernst & Young, auditor for the online hotel specialist, told Hotels.com on May 3 that the computer contained a file of Hotels.com data.
“Once we were notified, we began working as quickly as possible to determine which customers were impacted and to notify them,” a Hotels.com spokesperson said.
The company began sending letters to affected customers, which included those who booked hotels from 2002 to 2004, on May 26.
Hotels.com said it and Ernst & Young are providing a year’s worth of free credit monitoring services for customers who had their credit card information on the laptop.
Ernst & Young spokesman Kenneth Kerrigan confirmed the theft but refused to provide any additional details. “We don’t want to impede on the investigation and hopefully can track this down as remote as that may be,” he said.
Kerrigan also issued a company statement about the theft.
“The security and confidentiality of our client information is of critical importance to Ernst & Young and we regret any inconvenience or concern this incident may have caused Hotels.com and their customers,” the statement said.
“The crime appears to be a random theft, and we have no indication that the thief was specifically targeting the laptop or any information contained on it.”
The computer was also password-protected and the theft was immediately reported to law enforcement officials. The company also said it has no proof the information has been accessed or misused in any way.
Kerrigan added that Ernst & Young has encrypted the laptops of its 30,000 employees around the world as a precaution against any additional thefts.
Ernst & Young laptops are apparently a popular item to steal.
An Ernst & Young employee’s laptop containing data about Goldman Sachs employees was stolen from a car in New Jersey earlier this year.
Also, an Ernst & Young laptop containing information of employees from a number of companies was stolen from a conference room in an office building in Florida.
The incidents are the latest in a growing list of businesses and government agencies to be exposed to data theft threats from stolen computers or network breaches.
Personal information on 26.5 million veterans was compromised when someone pilfered a laptop containing the data from the home of a Department of Veterans Affairs’ (VA) employee.
The Privacy Rights Clearinghouse said that since February 2005, almost 82 million people have had their personal information potentially exposed by unauthorized access to the computer systems of companies and institutions.
You can view a chronology of reported breaches since February 2005 here.
Updates prior version to include comments from Hotels.com.