On March 31, 2021, the Dutch Data Protection Authority (Autoriteit Persoonsgegevens, the “Dutch DPA”), announced a fine of €475,000 for Dutch headquartered online travel agency Booking.com for failure to report a data breach within 72 hours of becoming aware of the incident in 2019.

360 Mobile Vision - 360mobilevision.com North & South Carolina Security products and Systems Installations for Commercial and Residential - $55 Hourly Rate. ACCESS CONTROL, INTRUSION ALARM, ACCESS CONTROLLED GATES, INTERCOMS AND CCTV INSTALL OR REPAIR 360 Mobile Vision - 360mobilevision.com is committed to excellence in every aspect of our business. We uphold a standard of integrity bound by fairness, honesty and personal responsibility. Our distinction is the quality of service we bring to our customers. Accurate knowledge of our trade combined with ability is what makes us true professionals. Above all, we are watchful of our customers interests, and make their concerns the basis of our business.

The breach involved unauthorized access to login credentials, enabling criminals to gain access to the personal data of more than 4,000 customers. Compromised details included names, addresses, telephone numbers and approximately 300 credit card numbers.

In a statement (in Dutch) the Dutch DPA noted that Booking.com was informed of the breach on January 13, 2019, but only reported the incident to the regulator on February 7, 2019, some 22 days later and well outside the 72 hour timeframe mandated by Article 33 of the GDPR. Booking.com notified affected customers on February 4, 2019. The regulator noted that Booking.com had taken (unspecified) steps to limit damage to customers and offered to compensate them for any damage suffered. The Dutch DPA’s statement does not explain the reason for Booking.com’s delay in reporting, but states that Booking.com will not object to or appeal the fine.

“This is a serious violation,” said Monique Verdier, Vice President of the Dutch DPA. “Unfortunately, a data breach can happen anywhere, even if you have taken good precautions. But to prevent damage to your customers and the repetition of such a data breach, you must report this in time. That speed is very important. . . . Such a large company, with valuable personal data of millions of customers in its systems, has a great responsibility. Customers entrust their personal data to Booking.com. And they must do everything they can to protect the data properly. That means good security to prevent a leak, but also quick action should things go wrong unexpectedly.”

By admin