Community Edition
Total Tests:
This Week:
Today:
Recent Blog Posts
An Ex-Amazon Security Engineer Gets 3 Years In Jail For Hacking And Crypto Theft
April 18, 2024
Hacker Fakes His Own Death To Avoid Child Support Payments
April 11, 2024
ATM Skimming Ring Leader Sentenced To 75 Months In Prison
April 4, 2024
German Authorities Dismantle the Nemezis Market Dark Web Marketplace
March 28, 2024
A Cybercrime Ring Responsible For Hijacking Over 100M Email, Instagram Accounts Dismantled
March 21, 2024
Stay in Touch

Get exclusive updates and invitations to our events and webinars:


Your data will stay confidential Private and Confidential

ImmuniWebInternational Media Coverage

Hefty Fine for Booking.com Due to Delayed Data Breach Notification; With Little Financial Information Stolen, Is the Amount Excessive?

By Scott Ikeda for CPO Magazine
Thursday, April 8, 2021

Booking.com’s immediate acquiescence is somewhat surprising given that EU regulators have tended to be forgiving of companies in the travel industry, particularly during the pandemic. The Marriott data breach of 2018 was one of the largest of its type of all time, but was ultimately reduced to $23.8 million in October from an initial assessment of $123 million. Similarly, the major British Airways incident of 2018 was reduced to $26 million that month from an initial proposed $238 million. Each involved more serious issues than a data breach notification, with the companies involved found responsible for the loss of millions of records of sensitive personal and financial information.

The Dutch DPA did not play a role in those decisions, however. It is thus unclear if this signals a trend in the EU toward stricter enforcement of slow data breach notifications, or if companies based in the Netherlands are going to be subject to tougher standards in this area. Ilia Kolochenko, Founder and Chief Architect at ImmuniWeb, believes that the European Data Protection Board may decide to weigh in on this particular issue: “The fine seems to be severe given that sensitive data of just 300 people was compromised among 4000 victims that were somehow affected. The Dutch DPA exercised its discretion to impose fines under Article 83 of GDPR in a broad manner, and it seems to be an unambiguous signal of zero tolerance for late data breach reports … The European Data Protection Board will probably intervene and bring more clarity on this specific misconduct in terms of gravity and subsequent punishability. In any case, this precedent evidences that victims of data breaches are to rigorously follow Article 33 of the GDPR and notify the competent DPA within 72 hours as prescribed.” Read Full Article


Previous Media Publications:

CPO Magazine: Hackers Compromised a Popular Carding Site Exposing 300,000 User Account Details

CPO Magazine: Cyber Insurance Firm Suffers Sophisticated Ransomware Cyber Attack; Data Obtained May Help Hackers Better Target Firm’s Customers

This website uses cookies to provide you with a better surfing experience. To learn more, please visit our Privacy Policy. By continuing to use this website you consent to our use of cookies.

Book a Call Ask a Question
Close
Talk to ImmuniWeb Experts
ImmuniWeb AI Platform
Have a technical question?

Our security experts will answer within
one business day. No obligations.

Have a sales question?
Email:
Tel: +41 22 560 6800 (Switzerland)
Tel: +1 720 605 9147 (USA)
*
*
*
Your data will stay private and confidential