The Ashimmy Blog: Hotels.com data theft

June 03, 2006

Hotels.com data theft

I just read today that the laptop that was stolen from an Ernst and Young employee a while back, contained nearly a quarter of a million names, addresses and credit card numbers of customers of Hotels.com. The laptop was stolen out of a locked car (oh OK, I guess that means it was not their fault, not!). Hotels.com is sending out letters to those whose data was stolen. Again I ask, what is that data doing on a laptop? Why can't that data be accessed via a secure network connection from a server kept in a safe, secure location?

E&Y who is really the culprit here, now says this won't happen again, as they are encrypting all data stored on their laptops. Great, some data at rest encryption company just closed a nice sale. But that does not go to the heart of the issue, that kind of data does not belong on a laptop. When I give my data to a supposedly secure web site vendor or any vendor for that matter, I do not expect that data to ever be put on some laptop and moved around in a car, briefcase, taken home or anywhere else for that matter. I just don't see a good reason for it. We have enough network access to make this a fact. I am tired of reading about these kinds of data losses.

Posted at 10:02 AM in Current Affairs, General Security, identity theft | Permalink

TrackBack

TrackBack URL for this entry:
http://www.typepad.com/services/trackback/6a00d83451e4d369e200d8345d04a069e2

Listed below are links to weblogs that reference Hotels.com data theft:

» Full Drive Encryption on Laptops - Time for all of us to 'nut up or shut up!" from Rational Security
Given all of the recently disclosed privacy/identity breaches which have been demonstrated as a result of stolen laptops inappropriately containing confidential data, we've had an exponential increase in posts in the security blogosphere in regards to ... [Read More]