Security News > 2021 > April > Too slow! Booking.com fined for not reporting data breach fast enough

The Dutch Data Protection Authority - the country's data protection regulator - has fined online travel and hotel booking company Booking.com almost half a million Euros over a data breach.

The Dutch Data Protection Authority has imposed a €475,000 fine on Booking.com because the company took too long to report a data breach to the DPA. When the breach occurred, criminals obtained the personal data of over 4,000 customers.

With these purloined logins, the crooks retrieved data about 4109 customers' bookings, including at least those customers' names, addresses and phone numbers.

The crooks also got hold of credit card data from 283 of those bookings, including 97 bookings where the CVV had been recorded as well.

December 2018: Data breach started 13 January 2019: Booking.com became aware of the leak.

It's not admitting guilt or a sign of incompetence to make plans in case of a data breach, because won't have time to plan afterwards! Even the DPA admits that "a data breach can occur anywhere, even if you have good precautionary measures in place. But in order to prevent harm to customers and future attacks, you have to report a breach on time." Make sure you know what you need to do, just in case.

News URL

https://nakedsecurity.sophos.com/2021/04/06/too-slow-booking-com-fined-for-not-reporting-data-breach-fast-enough/