Η Saber Corp, a hotel booking company, will pay $ 2,4 million in 27 states, including about $ 50.000 in Iowa, to arrange a data breach suffered in 2017, which was not mentioned in some of them customers her for a whole year.
The company based in Texas and its subsidiary, Saber Hospitality Solutions, use the system SynXis Central Reservation, which according to the company is used by more than 40.000 hotels in 160 countries. In May 2017, the company informed the federal authorities of a data breach that took place from August 2016 to March 2017, during which they risked data consumers, including about 1,3 million credit card numbers.
Saber updated them hotels where was it customers of June 2017 on the breach, but left the hotels themselves to inform individual consumers, with some receiving more than one alert and others not being notified of the breach until 2018.
"As we have seen in other data breaches, it is important for companies to provide clear and timely alerts to their consumers so that they can be protected from identity theft," he said. the Attorney General of Iowa, Tom Miller in a press release announcing the settlement.
In addition to payments made to States, the settlement requires Saber to specify in future contracts the liability of all parties in the event of breach, to implement new security requirements and information security programs, and to undergo a third party security assessment.
For their part, consumers need to be careful when choosing one site to make their online reservations. Also when they have given valuable information they should be alert and often look for specials sites, such as Have I Been Pwned, their accounts to be able to act immediately in such a case.