After a data breach occurred in 2019, Booking.com failed to report the breach in due time according to General Data Protection Regulation (GDPR) guidelines. They received a fine totaling half a million dollars for their error.

Attackers were able to obtain login credentials of over 4,000 customers who had used the site to book hotel rooms. Sensitive information such as names and credit card details were exposed. While Booking.com knew of the breach when it occurred, they failed to notify their customers until 22 days after the incident. GDPR guidelines mandate that companies report a breach within 72 hours. By failing to disclose the breach, Booking.com put customers at risk of credit card and identity theft.
Personal data like email addresses, social security numbers, names, birth dates and credit details make it easier for a malicious entity to use this information against you. If even a small amount of personal information is compromised, bad actors can create personalized phishing schemes or ransomware attacks targeting you or your company.
The fact that the company took so long to disclose this information betrays the trust of its customers. In a time where cybersecurity attacks are on the rise, it’s on companies to perform their due diligence and safeguard your data from being compromised.
If your company does any kind of processing of personal data from EU citizens, you are legally obligated to comply with GDPR guidelines. Fines for violating the policy can up to $20 million or 4% of a company’s global revenue. In addition, subjects whose data is affected by a breach or other cyber attack may seek financial compensation for any damages incurred.
While these fines may seem large and intimidating, it’s important to stay on top of your cyber hygiene and insure your business has policies and procedures in place that protect both you and your clients. Social engineering tactics are no joke, and by ensuring compliance, the risk of suffering a financial loss will be minimized.
Need an estimate? Request a quote below!
0 comments on “Booking.com Punished With $500,000 Fine, Didn’t Immediately Disclose Breach”