Booking.com hit with €475k fine for late security breach report

Booking.com hit with €475k fine for late security breach report
Updated: 01 Apr, 2021
2 mins read

The Dutch government, through the security watchdog, has fined Booking.com a whopping €475,000 Euros.

According to the EU’s foremost privacy regulator, the fine was imposed because of a security breach’s late report. The hotel booking website had undergone a security breach on January 13, 2019, but did not report until February 7.

As a legally registered business in Amsterdam, Netherlands, the law dictates that the company should have reported the case within 72 hours. Its failure to report the case was a violation of privacy regulation in the country, hence the fine.

In an official statement, VP of Dutch regulator Monique Verdier said:

“This is a serious violation. A data breach can, unfortunately, happen anywhere, even if you have taken good precautions. But to prevent damage to your customers and the recurrence of such a data breach, you have to report this in time.”

Over 4,000 customers affected

The security breach affected more than 4,000 customers of hotel booking service providers, a report says. Out of this number of customers who booked a hotel in UAE, the credit card details of almost 300 customers were stolen.

After almost a month of the attack, the company’s report of the security breach neither helps prevent damage to customers nor prevents the recurrence of attacks. 

This is not the first time Booking.com is facing an attack. In November 2020, the platform experienced another attack with millions of its customers’ data potentially exposed.

The investigation found that the breach was caused by Booking.com reservation company Prestige Software storing customers’ payment details with no protection. Any customer who had booked with the company since 2013 was affected by the breach. 

Things got out of hand

Booking.com has admitted its failure in reporting the breach in time. However, in its defense, the company’s spokesperson said they were working internally to resolve the issue, but things got out of hand. 

As a result, the company had no choice but to report to the regulator, at which time the card details of hundreds had leaked. 

Latest News

Join us on Twitter or Telegram

Or follow us on Flipboard Flipboard

Like the article? Vote up or share on your social media

Recommended content

Weekly Finance Digest

By subscribing you agree with Finbold T&C’s

Justinas Baltrusaitis

Justin crafts insightful data-driven stories on finance, banking, and digital assets. His reports were cited by many influential outlets globally like Forbes, Financial Times, CNBC, Bloomberg, Business Insider, Nasdaq.com, Investing.com, Reuters, among others.