The Netherlands Data Protection Authority has fined Booking.com €475,000 for notifying it too late that criminals had accessed the data of 4,109 people who booked a hotel room via the website.
The Autoriteit Persoonsgegevens (AP) said criminals managed to extract the login credentials to their Booking.com accounts from employees of 40 hotels in the United Arab Emirates using social engineering techniques.
They then gained access to data including users' names, addresses, telephone numbers, and details about their booking. It added (translated from the Dutch):
Booking.com told The Register there had been no incursion into its "internal systems (neither the code or databases that power the Booking.com platform were compromised)," adding that the incident was "isolated to 40 hotels in the UAE where partners provided the log-in details to their Booking.com accounts to ..
Support the originator by clicking the read the rest link below.
