Thousands of Hotels.com customers may be at risk for identity theft after a laptop computer containing their credit card information was stolen from an auditor, a company spokesman said Saturday.
The password-protected laptop belonging to an Ernst & Young auditor was taken in late February from a locked car, said Paul Kranhold, spokesman for Hotels.com, a subsidiary of Expedia.com based in Bellevue, Wash.
"As a result of our ongoing communication with law enforcement, we don't have any indication that any credit card numbers have been used for fraudulent activity," Kranhold said. "It appears the laptop was not the target of the break-in."
Both Hotels.com and Ernst & Young mailed letters to Hotels.com customers this past week encouraging them to take appropriate action to protect their personal information.
The transactions recorded on the laptop were mostly from 2004, although some were from 2003 or 2002, the companies said. The computer contained personal information including names, addresses and credit card information of about 243,000 Hotels.com customers.
Ernst & Young, which has been the outside auditor for Hotels.com for several years, notified the company of the security breach on May 3.
"We deeply regret this incident has occurred and want to apologize to you and Hotels.com for any inconvenience or concern this may cause," said the unsigned memo from Ernst & Young dated May 2006.
Ernst & Young invites those affected by the incident to enroll in a free credit monitoring service arranged by the auditor.
"We sincerely regret that this incident occurred and we are taking it very seriously," said the letter signed by Hotels.com general manager Sean Kell.
The letter from Hotels.com said "Ernst & Young was taking additional steps to protect the confidentiality of its data, including encrypting the sensitive information we provide to them as part of the audit process."