Connect with us

Data

Dutch data protection authority fines Booking.com €475,000

SHARE:

Published

on

We use your sign-up to provide content in ways you've consented to and to improve our understanding of you. You can unsubscribe at any time.

Dutch Data Protection Authority (AP) has imposed a fine of €475,000 on Booking.com for a data breach where criminals accessed the personal data of more than 4,000 customers, including obtaining the credit card details of nearly 300 users of the popular travel site.

The criminals extracted login details to the accounts from employees of 40 hotels in the United Arab Emirates.

Phishing

"Booking.com customers ran the risk of being robbed here," said Monique Verdier, Vice President of the Dutch data protection agency. "Even if the criminals did not steal credit card information but only someone's name, contact details and information about his or her hotel booking. The scammers used that data for phishing."

"By pretending to belong to the hotel by phone or email, they tried to take money from people. That can be very credible if such a scammer knows exactly when you booked which room. And asks if you want to pay for those nights. The damage can then be considerable, "said Verdier.

Booking.com was notified of the data breach on 13 January, but didn't report it within the mandatory three day period after discovering a breach. Instead, they waited a further 22 days.

"This is a serious violation," said Verdier. "Unfortunately, a data breach can happen anywhere, even if you have taken good precautions. But to prevent damage to your customers and the repetition of such a data breach, you must report this in time. Speed is very important." 

Advertisement

Share this article:

EU Reporter publishes articles from a variety of outside sources which express a wide range of viewpoints. The positions taken in these articles are not necessarily those of EU Reporter.

Trending