fined $560,000 for GDPR data breach violation - Hexafusion Blog | Hexafusion
  • Contact Us At

    Vancouver: 604-757-2010

         Toronto: 416-236-6300

  • E-Mail Us @


Hexafusion Blog fined $560,000 for GDPR data breach violation, Netherlands-based company failed to act quickly enough, says regulator

Travel services website has been fined €475,000 (around $560,000) under GDPR laws after failing to report a data breach within the mandated timeframe.

The Netherlands-based company, which provides accommodation and flights, suffered a data leak back in 2018 when the personal and financial details of more than 4,100 customers were exposed online.

Telephone scammers targeted hotels in the United Arab Emirates, gaining the login details of 40 employees and allowing them access the system.

They then stole the data of 4,100 users, including the credit card details of 283 customers – 97 of whom also had their card security number stolen.

Late Booking discovered the breach on January 13, 2019, but failed to report the incident to regulators until February 7, 2019. GDPR rules mandate that all breaches should be reported within 72 hours of discovery.

The Dutch Data Protection Authority (Autoriteit Persoonsgegevens, or ‘AP’) imposed the fine, after calling the incident a “serious violation” of the EU’s data protection regulation.

AP vice president Monique Verdier said in a statement: “This is a serious violation. A data breach can unfortunately happen anywhere, even if you have taken good precautions.

“But to prevent damage to your customers and the recurrence of such a data breach, you have to report this in time.”


Verdier added: “That speed is very important. In the first place for the victims of a leak.

“After such a report, the AP can, among other things, order a company to immediately warn affected customers. In this way, for example, to prevent criminals from having weeks to continue trying to defraud customers.”

Staff training

A spokesperson for told The Daily Swig: “The Dutch DPA fine relates specifically to late notification to them of this incident and is not connected to’s security practices, nor to the overall handling of the incident in question.

“A small number of hotels inadvertently provided their account login details to online scammers, but there was no compromise of the code or databases that power the platform.

“After receiving the first reports of suspicious activity, we began working to understand and resolve the issue, but unfortunately didn’t get the matter escalated as fast as we would have liked internally.

“We have since taken additional steps to improve awareness and education amongst our partners and employees on important privacy measures and general security processes, while also working to further optimize the speed and efficiency of our internal reporting channels.

“The protection and security of personal data is and will remain a top priority at”

News Source:

Hackers Exploit Fortinet Flaw in Sophisticated Cri...
Hackers Are Targeting Microsoft Exchange Servers W...

By accepting you will be accessing a service provided by a third-party external to

Customer Login

Contact us

Learn more about what Hexafusion can do for your business.

Vancouver:  604-757-2010
Toronto:  416-236-6300

250 - 997 Seymour Street
Vancouver, British Columbia V6B 3M1