Comments on: Laptop theft exposes Hotels.com data

Notebook taken from inside car of Ernst & Young employee reopens the issue of compromised clients and customers.

[lat3rintheday]

How useless these people are

I carry a laptop with me all the time and never ever do I leave it in a car, no matter what. And, mind you, i don't carry social security numbers on 200,000+ people...
These companies, and their employers, need to be punished hard for putting us all at risk.

[marileev]

When will the learn? Secure those Laptops

I wonder exactly where the laptop was in the vehicle or even if the car was locked. A NW provider, Providence had several laptops stolen and once the machine was in plain view with the door unlocked. Companies and the Government aren't making it very difficult for thieves because they're not protecting their data with Remote Laptop Security measures http://www.essentialsecurity.com/FAQ.htm#3.8.9

Fidelity, the VA, Bank Of America, Boeing... the laptop theft list just keeps growing. Are they ever going to learn? http://www.iwantmyess.com/?p=58

[cashaww]

These people...

will only learn when it hits them in the wallet.

[marileev]

carelessness with company property

Unfortunately, I think sometimes employees get careless with company laptops. Some employees don't take the same care if they purchased the machine themselves. If people though about $749 to $1299 dollars sitting in plain view in their cars, they wouldn't just leave their laptop. They would probably take the same care you do Lat3rintheday http://www.essentialsecurity.com/educationalfacts.htm

[Kindred_]

WHY DOES EVERYONE HAVE TO HAVE A LAPTOP???

Seriously people, if you have to work on sensitive documents or data, have that tied to a desk workstation in an actual office, where physical security measure can also play a part in keeping the information safe.
There is NO reason why you should be using a laptop if you work with or are in charge with this type of data, EVER.

[marileev]

SOX & GLBA + Risk Training

Companies have an opportunity to learn from the misfortunes of Hotels.com/Earnst & Young, and the other enterprises who've succumbed to Laptop and information breaches. The most effective plan is thorough Risk Training and implementing software which suits your business needs and complies with codes like SOX or Gramm-Leach-Bliley:

GLBA (U.S. Code) 6801 - Customer/client confidentiality and security must be guaranteed. Records and information must be protected against any anticipated threats, hazards and unauthorized access.

Once employees understand the risks of data loss they will (hopefully) do business smarter by securing their documents, emails and laptops http://www.essentialsecurity.com/Documents/article16.htm

We should take a page from Warren Buffett's Lessons for Corporate America "It takes 20 years to build a reputation and five minutes to ruin it. If you think about that, you'll do things differently."

[czmyt]

Need Whole Disk Encryption

I think something more appropriate for securing data at rest like this would be a whole-disk encryption program such as comes with PGP Desktop 9. I don't store any corporate data on my notebook, just personal info like bank account numbers, and I would not take a computer out of my home office without using a whole disk encryption program. If you can't afford PGP Desktop 9 (www.pgp.com), check out TrueCrypt (www.truecrypt.com). It's totally shameful that these data losses are continuing and seem to be getting worse.

[foxlake]

Dopey Morons

What stupid, careless, a-holes. Maybe there should be a law that says because cavalier employees don't seem to give a toss about what happens to other people's information, they should be restricted to using desktop computers. Or maybe a law that says if you leave a laptop laying around in a car, and it gets stolen, and data gets compromised, it's an automatic 20 years in federal prison.

[jaberd]

It makes you wonder

just how many of these "random break-ins" are accidents! I would imagine some organized crime rings would pay a great deal for this much info!
I leave my laptop in my car all the time( nothing important on it)and its never been taken! Just makes ya wonder!!!

[marileev]

lack of trust= lack of business

Some companies don't see Risk Education as an important factor. Being careful and securing laptops will in the end hurt them financially. When businesses aren't seen as trustworthy clients/customers will find someone else to do business with http://www.essentialsecurity.com/Documents/article2.htm

[Lemiz]

An auditor that stupid?

One of the services that E&Y proudly provides is computer and data security audit. Makes you wonder...

I am a business consultant. I NEVER leave my laptop in a car.

[bw49]

Failure by Design

Isn't it time to start holding the business, system, application and data designers responsible for these data thefts?

After years of exposures of private data, we still have applications designed and developed with private data co-mingled with other data. Private data needs to be placed 'behind the wall', secured, encrypted and blocked from the general users -- yes, even including auditors.

That the data is not segregated and secured is an architectural failure, attributable directly to those "professionals" who allow private data to be abused in the first place.

[ll04269]

E&Y Customers Are Also To Blame

I work with auditors all the time. We NEVER allow them to take sensitive info out of our facilities. What was Hotels.com thinking when they handed over their customer transaction logs? Or IBM when they gave out the personnel file?

[madirid]

Sounds great.

<a href="http://www.hotelicia.com">hotels</a>

[madirid]

Sounds great.

http://www.hotelicia.com