Expedia records show almost a quarter of a million customers, including names and credit card numbers were stolen from one of Expedia’s auditors from Ernst and Young, one of the laptops that combines these records. The question asked, the data on the laptop including reservation data, or financial and transaction data (names, credit card numbers, and amount of bills) was tapped into. It was confirmed from Ronald Low, a spokesperson for the crisis public relations that, “the information on the Ernst and Young laptop was credit card transaction information only, not reservation data.
Expedia has not said that the privacy commitments from Ernest and Young would be required under other countries’ laws although as a precondition to allow Ernest and Young to access personal information of a customer or reservation records. In the past, this lack of transparency has been one of the major problems of customer complaints against Hotel.com especially when customers had problems with check-in and did not know whom to call. Customers of Expedia divisions in Canada and Europe many not have known that their personal data was being passed on to Hotel.com within the USA.
Hotel.com was questioned whether they attempt to identify or keep a record of the country which the personal information was collected from and are there going to be action taken for all people whose data may have been stolen. The response in behalf of Expedia was, “we do not track or capture geographies aside from the address customers provided for the transaction.” In other words, make no attempt to keep track of legal conditions under which personal information is provided. Even if they comply with the law in Canada and Europe, there data structures would not be adequate to support compliance with the laws in those jurisdictions.
Expedia says, we encourage customers to review the information privacy practices of any travel suppliers whose products them to purchase on Expedia,” but...