Booking.com, an online travel agency, has been fined €475,000 for not reporting a data breach within the time frame stipulated by the General Data Protection Regulation (GDPR).
According to what Cybersecurity Insiders has learned, the accommodation booking agency suffered a data leak when scammers called 40 of its employees based in the United Arab Emirates to obtain sensitive information about customers. In the process, they gained access to the personal details of over 4100 customers who had booked accommodation in various hotels across the UAE.
Sources report that the cyber crooks accessed sensitive information such as credit card details and CVV codes of customers who booked a holiday trip via Booking.com.
Many of the customers later reported that the cyber crooks tried to pose as hotel employees and gained access to card details that could later have been used for phishing scams.
Although none of Booking.com's employees were found guilty, the company failed to prevent such scams: it did not take the necessary action of creating awareness among its employees and customers of the threats lurking in the cyber landscape.
Booking.com failed to identify and warn its customers until February 7th of 2019, a breach of GDPR, which makes it mandatory for companies to inform their customers and the data watchdogs about cyber incidents within a time frame of 72 hours.
Therefore, the Dutch company has been slapped with a penalty of €558,000 for notifying its customers and the Dutch Data Protection Authority late about the breach.
Note: In 2014, the data watchdog in the United States asked Booking.com to weed out dozens of phishing websites that were operating in its name and duping customers by siphoning funds from their accounts in fraudulent ways.