Customer data lost in Hotels.com security breach (06/05/2006)
By Michael Milligan
http://www.travelweekly.com/articles.aspx?articleid=51685
Data containing the names and credit card information of more than 200,000 Hotels.com customers has gone missing, according to officials from the travel retailer, and the site is working with law enforcement to recover the information.
Hotels.com added the data theft was not related to a hacker breaching the site?s security. Instead, the breach involved information from the site stored on a laptop computer used by an employee of Ernst & Young, an auditing firm that at some point apparently went missing.
?It was actually a financial services audit,? Cathy Bump, Hotels.com?s senior compliance officer told TravelWeekly.com. ?It is routine to provide financial and transactional information to an auditor.?
Ernst & Young informed Hotels.com on May 3 that the laptop was unaccounted for in late February. Hotels.com, an operating company of Expedia, Inc., said the missing data was limited to its customers.
Bump said Hotels.com?s auditing data contained the names, addresses and information pertaining to at least one credit card for 243,000 of the Web site?s customers.
?We are taking the incident very seriously,? said Bump, but she noted the situation was different from ?an actually incident of identity theft? where enough information is pilfered to essentially allow someone to financially assume the role of someone else.
In this case, Bump said, the ?potential fraud should be limited to particular [credit] cards?.
?We have notified the customers [by letter] and we are advising them to monitor their credit card statements, and contact their card companies if they see any suspicious or unauthorized charges,? Bump said. ?We?ve contacted law enforcement and we are working with them to monitor? whether anyone has misused the data.
In addition, Hotels.com is offering the option of free credit monitoring to affected customers.
So far, Bump said, ?there has been no evidence of misuse. We are reassured at this point to see that there is no evidence of any misuse of the data and we will continue to monitor it.?
Hotels.com and Ernst & Young have also established two hot lines to aid customers: (866) 387-2242 in the U.S. or (201) 872-0169 for those calling from outside the U.S.
Hotels.com joins a wide array of companies that have fallen victims to incidents of lost or stolen data.
In January, Marriott Vacation Club International said computer tapes containing credit card information and other data on some 206,000 of the company?s 250,000 timeshare owners and customers went missing from its offices.
Other companies ranging from Lexus Nexus to the Ford Motor Company, as well as educational institutions have had similar incidents.
The Federal Trade Commission estimated in a 2003 report that some 10 million Americans have been directly impacted by data theft.
?The focus clearly has been on online security, but in fact if you monitor the breaches that are occurring periodically, it is really not online focused,? said Bump. ?The fact that a transaction occurred initially online verses offline really doesn?t have such a great impact on the chances that there ultimately might be a breach. So I don?t think this is a statement at all about online security.
?Hotels.com places great emphasis not only on our internal security practices but also monitoring and assessing the security practices of our vendors, which we do on an ongoing basis,? she added. ?This points to the importance of doing that.?
__________________________________________________
Do You Yahoo!?
Tired of spam? Yahoo! Mail has the best spam protection around
http://mail.yahoo.com