In early 2016, an American hacker hacked into the systems of the hotel website Booking.com and stole the details of thousands of reservations for hotels in countries in the Middle East. After two months of investigation, four Bucking specialists revealed that the thief was a man with close ties to the US intelligence services. This is what the Dutch newspaper NRC wrote.
Booking.com has asked the Dutch intelligence agency AIVD to help investigate the large-scale data theft, but has not notified the affected customers and the Dutch Data Protection Authority (AP). The firm was not legally obligated to do so at the time, management ruled on the advice of law firm Hogan Lovells. The Associated Press declined to comment.
Booking.com’s security specialists were uncomfortable with the decision to remain silent about the data breach, those involved say. Experts are also critical. Under the then-current privacy law, the company was required to notify a data subject of the data theft if it “was likely to adversely affect their privacy”.