By
Catalin Cimpanu
. March 31, 2021
The Dutch Data Protection Authority has fined hotel booking website Booking.com €475,000 ($560,000) for reporting a security incident 22 days after it happened, in breach of EU GDPR regulations that dictate that all breaches must be disclosed within 72 hours.
According to a copy of the fine’s text, obtained by
The Record, the fine was imposed for a security breach that took place in December 2018, after hackers gained access to the Booking.com login credentials for employees of 40 hotels in the United Arab Emirates.
At the time, the hackers accessed the Booking.com platform and collected the
details of 4,109 people who booked a hotel room in the UAE via the Dutch company’s site.