(022) 820 801 centru@datepersonale.md
DP header logo
img mobile menu img close mobile menu
ROENРу
ico search toggle
datepersonale.md
/
Noutati
/
Fine in the amount of EUR 475 000 applied by Dutch Data Protection Authority to Booking.com for delay in reporting data breach

Fine in the amount of EUR 475 000 applied by Dutch Data Protection Authority to Booking.com for delay in reporting data breach

img 290 Views

The National Center for Personal Data Protection (NCPDP), for information and application purposes, communicates about the fine in the amount of EUR 475 000 applied by Dutch Data Protection Authority (DPA) to Booking.com for delay in reporting data breach.

In a telephone scam targeting 40 hotels in the United Arab Emirates (UAE) in December 2018, the criminals persuaded hotel staff to reveal the log-in details for their accounts in a Booking.com system. In this way, the criminals gained access to the data of 4 109 people who had booked a hotel room in the UAE. The data included their names, addresses and telephone numbers, as well as details of their booking.

Furthermore, the criminals were able to access the credit card information of 283 people. In 97 cases, the credit card security code was obtained as well. The criminals also tried to get hold of the credit card information of other victims, by posing as Booking.com staff in emails or on the telephone.

Booking.com was informed of the data breach on 13 January 2019, but did not report it to the DPA until 7 February, which is 22 days too late: data breaches must be reported within 72 hours. The investigation into the Booking.com breach was international in scope, targeting customers from a range of countries. Booking.com’s global headquarters are in the Netherlands, which is why the Dutch DPA performed the investigation, this being coordinated with other European data protection supervisory authorities.

Dutch Data Protection Authority warned it was seeing an explosive increase in the number of hacks aimed at stealing personal data, which in 2020 was 30% higher than in the previous year.

The NCPDP, as national supervisory authority for personal data processing, emphasizes the responsibility of personal data controllers to comply with the provisions of legal framework on personal data protection and to ensure that personal data processing operations are in accordance with the legislation in force.

img
Reprezentanții Serviciului de Protecție și Pază de Stat instruiți în domeniul protecției datelor cu caracter personal

La data de 06 decembrie 2023, Centrul Național pentru Protecția Datelor cu Caracter Personal a organizat un curs de instruire în domeniul protecției datelor cu caracter personal pentru angajații Serviciului de Protecție și Pază de Stat (SPPS), la solicitarea acestora. Scopul cursului de instruire a fost de a spori gradul de percepție a angajaților SPPS […]

img 29 Views
img
Training course on personal data protection organized for representatives of the Chisinau Police Department

On 5 December 2023, the National Center for Personal Data Protection (NCPDP) organized a training course on personal data protection for employees of the Chisinau Police Department. The aim of the training course was to increase the perception of the employees of the Chisinau Police Department on the principles of personal data protection, as well […]

img 7 Views
img Video gallery
img Information