According to a book published on Thursday, a hacker working for a US intelligence agency broke into Booking.com’s servers in 2016 and obtained data pertaining to the Middle East. The book also claims that the online travel agency chose to conceal the accident.
Claim: Booking.com was hacked by US intel agency
After consulting with the Dutch intelligence service, known as AIVD, Booking.com decided to look into the data breach. The firm followed legal guidance and didn’t inform any victims or the Dutch Data Protection Authority. Booking.com wasn’t required to notify authorities since no sensitive or financial data was obtained.
According to the book called De Machine: In de ban van Booking.com, IT employees from the firm, however, gave a very different account. The book’s authors are three journalists from the Netherlands’ NRC newspaper, who claim that the breach was dubbed “the PIN-leak.”
According to the book, the hacker was able to access thousands of hotel reservations from Middle Eastern nations including Saudi Arabia, Qatar, and the United Arab Emirates. The information made public included the names of Booking.com customers and their travel destinations.
After the attack, US private detectives assisted Booking.com’s security department in identifying the hacker as an American who worked for a company that did work for US intelligence services. The authors never determined who was responsible for the attack.
According to the authors, a Booking.com representative acknowledged that there was unusual activity in 2016, that security personnel responded fully to the situation right away, and that the company never informed customers about it. According to the representative, Booking.com was not required by law to reveal the breach because there was no evidence found for “actual adverse effects on the private lives of individuals.”