Call Me Irresponsible – EY Losing Laptops Left and Right

/in


From The Register, an on-line compendium of news about IT, hardware/software, security…

Ernst & Young’s laptop loss unit continues to be one of the company’s more productive divisions. We learn this week that the accounting firm lost a system containing data on 243,000 Hotels.com customers. Hotels.com joins the likes of Sun Microsystems, IBM, Cisco, BP and Nokia, which have all had their employees’ data exposed by Ernst & Young, as revealed here in a series of exclusive stories.…The laptop in question was stolen from an Ernst & Young worker’s car in Texas and did have some basic data protection mechanisms such as, erm, the need for a password…

“Unfortunately, the computer contained certain information about customer transactions with Hotels.com, and other sites through which we provide booking services directly to customers, from 2002 through 2004.This information may have included your name, address and some credit or debit card information you provided at that time.”

…Ernst & Young in February lost one laptop that held information on what’s believed to be tens of thousands of Sun, IBM, Cisco, BP and Nokia employees…Ernst & Young in February also lost four laptops in Miami when its workers decided to leave their systems in a hotel conference room while they went out for lunch…Ernst & Young offers a variety of security services to customers, and encourages clients to be transparent with their policies around customer data issues…

PWC and a number of other companies, including one of my current clients, use hard drive encryption software such as SafeGuard Easy to render the data in a laptop useless if misplaced or stolen. I know how comforting that can be.

On a recent trip to Washington DC, I brought both my personal laptop used for all my business and person activities and a laptop issued by a current client. Passing through security at American Airlines – Reagan National Airport on the way back to Chicago, I was unsuccessfully trying to manage all my books, my purchases (a beautiful Jackie O replica pin from the Smithsonian Shop) and two laptops. I accidentally picked up someone else’s Dell Latitude (my client’s PC) and that person picked up mine. Since they are the exact same laptop and neither of us had a big orange sticker or business card on the top lid, I believe it was an honest mistake by both of us.

Upon returning to my client’s office the next day, I turned on the machine and, based on the wallpaper, realized it was not mine. Fortunately, there was company identification on the back of the laptop. My client’s Security Director was able to contact the other company. Since it was a Mexican company, he drove down to the border in a black van with tinted windows and the two company security guys did a laptop hostage swap at midnight at the Laredo/Nuevo Laredo crossing.

Just kidding…

Thanks for subscribing to the re: The Auditors feed. Please tell a colleague about the blog. Drop me a line at fmckenna@mckennapartners.com if you have a comment or complaint.