It really makes you wonder when E&Y, as an audit firm, continues to experience large identity breaches. I’m not just talking about their apparent lack of controls to prevent the breach (e.g. don’t leave laptops unattended in the open), or need to disclose (e.g. encryption), I’m talking about the fact that they probably used to lose data all the time but never reported it before the breach disclosure laws came into effect. The Register provides the gory details:
Ernst & Young’s laptop loss unit continues to be one of the company’s more productive divisions. We learn this week that the accounting firm lost a system containing data on 243,000 Hotels.com customers. Hotels.com joins the likes of Sun Microsystems, IBM, Cisco, BP and Nokia, which have all had their employees’ data exposed by Ernst & Young, as revealed here in a series of exclusive stories.
Ouch.