Hotels.com Credit Card Customer Data Stolen
Another theft of computing equipment where data critical to a business or it’s customers has been stolen. Wonder how long it will be before companies start requiring encrypted laptop volumes.
Hotels.com is warning nearly a quarter of a million customers that they may have had their credit card numbers stolen, following the theft of an unencrypted laptop belonging to the travel Web site’s auditor, Ernst & Young Global.
“[Hotels.com and Ernst & Young]…the two companies began sending out letters last week notifying approximately 243,000 customers of the theft.”
One thing I know for sure…I don’t want it to be MY laptop that’s stolen and divulges a quarter of a million customers to the world. Where I work that’s called a ‘career limiting move’.
Lessons to be learned:
1. Encrypt data on your systems that you are not willing to see left on a park bench or published on the internet.
2. “Locked in your vehicle” is not a safe place for your work or personal laptop anymore.
3. Portable hard drives/USB keys need to be encrypted too.
4. Companies: define security policy, enforce security policy
My work and personal laptops have encrypted hard drives, BIOS power-on passwords, and logon passwords. If I am away from my office, a cable lock secures my laptop when my eyes aren’t on it. You can’t be too careful.
Article: Yahoo News, Hotels.com Customer Data Stolen
Technorati Tags: steve watson, privacy, pii
