No Comments

Late incident report gives €755,000 fine


The Dutch Data Protection Authority (AP) imposed a € 475,000 fine on (whose headquarters are in the Netherlands) because of its delay in reporting a data breach to the agency. In the breach, in 2018, criminals stole the personal data of more than 4,000 customers and also managed to obtain credit card details from nearly 300 victims. Criminals obtained login credentials for accessing the system through phone calls to employees at 40 hotels in the United Arab Emirates.

As a result, in December 2018, criminals had access to the data of 4,109 people who made hotel reservations in that country through Booking. The data included names, addresses, phone numbers and other details about the reservation. Criminals also had access to credit card details for 283 people, including the card’s security code in 97 cases. In addition, they attempted to obtain credit card details from other victims by email or telephone by posing as employees.

“ customers were at risk of being ripped off here,” said AP vice president Monique Verdier. Even if the criminals did not steal your credit card details, just someone’s name, contact details and hotel reservation information. Scammers used this data for phishing. ” was notified of the data breach on January 13, 2019, but only informed the AP on February 7 of that year. The company was under an obligation to report the data breach within 72 hours. notified affected customers of the breach on February 4, 2019. The company has taken other measures to limit the damage, such as offering compensation for any damages.

“’s investigation was international,” the Dutch AP said in a statement. “It is an international company with customers from different countries. and has its global headquarters in the Netherlands. That is why the AP conducted this investigation. As it is an international issue, the Dutch DPA coordinated the investigation with the other European privacy regulators ”.

The data breach notification obligation means that both companies and governments must immediately (and within 72 hours at the latest) report serious data breaches to the AP. In 2020, AP saw an explosive increase in the number of hacks aimed at stealing personal data. The number of complaints has increased by no less than 30% in 2020 compared to 2019, according to the Data Leakage Report 2020.

With international news agencies

See the original post at:

You might also like

More Similar Posts

Leave a Reply

Your email address will not be published. Required fields are marked *

Fill out this field
Fill out this field
Please enter a valid email address.