Hotels.com's Customer Names, Credit-Card Data Stolen

About 243,000 customers' names and credit card numbers were in a laptop stolen in February from the car of an employee of accounting firm Ernst & Young LLP, Hotels.com's auditor, the Wall Street Journal reported Friday.

The theft, which occurred in a Texas parking lot, appeared to be random, according to Ernst & Young.

"We have no indication that the thief was specifically targeting the laptop or any information contained on it," Kenneth Kerrigan, a spokesman for the firm told TechWeb in an email.

Following the theft, it took Ernst & Young more than a couple of months to determine what was on the hard drive, the newspaper reported. A spokesman for Hotels.com, which is owned by Expedia Inc., said the online company was notified in early May and started notifying customers last week. The delay was caused, in part, by having to check the names of the credit card holders, since the person on a hotel reservation may not necessarily be the one who paid for the room.

"A hundred percent of our time has been spent getting to customers quickly and figuring out which customers were affected," the spokesman said. "We haven't had much time to look back and point fingers and figure out who's to blame."The stolen laptop was password-protected, and the theft was immediately reported to law enforcement, Ernst & Young said.

"At this time we have no indication the information has been accessed or misused in any way," Kerrigan said.

Since the theft, Ernst &Young has started encrypting data in company laptops. The extra layer of security has been added to 30,000 portable computers in the United States and Canada, Kerrigan said.

Ernst & Young has been involved in two other thefts of such data, according to the Wall Street Journal. Earlier this year, a laptop containing personal data of Goldman Sachs employees was stolen in New Jersey from a locked car of an Ernst & Young employee. Another Ernst & Young laptop containing information on employees from a number of companies was stolen from a locked conference room in a Florida office building.

The theft of personal data remains an ongoing problem among companies. The top five data-loss incidents last year, in terms of number of people affected, were CardSystems, 40 million; Citigroup, 3.9 million; DSW Show Warehouse, 1.4 million; Bank of America, 1.2 million; and Wachovia, Bank of America, PNC Financial Services Group, Commerce Bancorp, 676,000.0