Dutch DPA fines Booking.com for delay in reporting data breach

Booking.com has been fined with €475,000 for delay in reporting a severe data breach, the Dutch Data Protection Authority (DPA) has reported.

The breach allowed criminals to obtain the personal data of 4,109 customers, as well the credit card information of 283 people; in 97 cases criminals got the credit card security code.

The events ocurred in December 2018, when the criminals convinced –through a telephone scam– the hotel staff of 40 hotels in the United Arab Emirates to reveal the log-in details in the Booking.com system of 4,109 customers who had booked a hotel room in their facilities in the EUA. Data included names, addresses, telephone numbers and booking information.