The auditor for Hotels.com is Ernst & Young, and one of their staff working on the audit had their laptop stolen from their car, compromising the credit card data of approximately 243,000 customers.
These things will happen, but what I don’t understand is whether they’re just assuming whoever stole the laptop is going to be able to crack the password that is no doubt protecting it. I have to enter two different passwords just to get into my work laptop, one to boot up and one to log in.
Am I missing something here? Are passwords not enough to protect the data? Can you just rip the hard drive out of the laptop somehow and extract the data that way? Is any data truly safe, then?
EY has pledged to encrypt sensitive data such as this in the future, so maybe that holds the key to safeguarding the intangible assets of audit clients.
Heheh.
Funny thing is that the thief, while he probably doesn’t know still, has an increased likelihood of finding out about the credit card data now that a press release has been issued.
The probability was low to begin with, but you can bet there are credit card fraudsters looking for that laptop.
Mass hysteria in mass media is only exceeded by mass hysteria in the blog world. The register really went to town in their series – http://www.theregister.co.uk/2006/02/25/ernst_young_mcnealy/
Then again, they *are* a tabloid.
Then there’s theonion.com’s take on the whole thing: http://www.theonion.com/content/node/27431
Wow, that Register article sure was harsh. I really doubt anything’s going to happen with the data. We’ll see I guess.
More stolen machine news: http://www.cnn.com/2006/US/06/07/vets.data.ap/index.html?section=cnn_latest