Booking.com Hit With €475,000 GDPR Fine For Late Reporting Of Data Breach – Forbes

Photo illustration: a man looks at the website of Booking.com on April 20, 2020 in Katwijk, Netherlands. (Photo by Yuriko Nakao/Getty Images)

Travel booking website Booking.com has been hit with a €475,000 ($560,000) fine after failing to report a data breach within the time period mandated by the General Data Protection Regulation (GDPR).

Booking.com suffered the breach back in 2018 when telephone scammers targeted 40 employees at various hotels in the United Arab Emirates (UAE). After hackers obtained login credentials for the Booking.com system, they were able to access the personal details of over 4100 customers who had booked a hotel room in the UAE via the site.

Credit card details of 283 customers were also exposed, and in 97 cases the CVV code was compromised as well. The hackers also tried to obtain the credit card details of other victims by posing as Booking.com employees by email or telephone.

Booking.com, which is headquartered in the Netherlands, was notified of the breach on 13 January 2019, but failed to report it to the Dutch Data Protection Authority (AP) until February 7 — 22 days later. The GDPR mandates that data breaches must be reported within 72 hours.

"This is a serious violation," said Monique Verdier, the Dutch regulator's vice president in a statement announcing the fine. "A data breach can unfortunately happen anywhere, even if you have taken good precautions. But to prevent damage to your customers and the recurrence of such a data breach, you have to report this in time."

Booking.com customers ran the risk of being robbed here. Even if the criminals did not steal credit card details, but only someone’s name, contact details and information about his or her hotel booking, the scammers used that data for phishing.

Booking.com, which won’t contest the AP’s fine, said in a statement: “The Dutch DPA fine relates specifically to late notification to them of this incident and is not connected to Booking.com’s security practices, nor to the overall handling of the incident in question.”
