tried to hide data leak and ended up fined


The Netherlands data protection authority fined the hotel booking platform € 475,000 – about R $ 3.1 million in direct currency conversion.

The reason is a behavior considered inappropriate in the case of cyber attacks, according to European Union regulations, the GDPR. The service had data accessed by third parties, but it took 22 days to report the incident. In legislation, the maximum allowed time is 72 hours after discovering the security breach.

In response to the fine, acknowledged the flaw and will not appeal against the fee. In addition, the company reinforces that it has taken all necessary measures to ensure the safety of customers, including its own investigative measures that led to the delay in notifying the authorities.

The blow

According to The Record, the invasion took place in December 2018 and resulted in the data collection of 4,109 people who booked a room in a hotel in the United Arab Emirates.

Credit card numbers and their security codes were also accessed, and in some cases, criminals even contacted victims pretending to be from to apply scams.

The invasion was possible after the bandits gained access to the credentials of one of the platform’s employees, using techniques not detailed in the report.


Please enter your comment!
Please enter your name here