Booking.com confirmed on Sunday evening that customer bookings were accessed by a dubious third party in a data breach.
While some customers received an email about the breach, the gigantic Dutch travel agency has refused to share details.
According to NU.nl, Booking.com now says the situation is under control.
What data was exposed?
The email vaguely chronicles the data breach: “suspicious activity” from an “unauthorized third party” is “affecting a number of reservations.”
The potentially compromised data includes names, emails, physical addresses, phone numbers linked to the booking, and any other information shared with the accommodation.
Payment details and passwords do not appear to have been mentioned as part of the breach, though Booking.com has not responded to questions from ANP on the specifics.
Not Booking.com’s first rodeo
It’s a bad time to not be transparent.
The affected users are now potential targets for phishing attempts, given that scammers can use booking details to craft convincing, personalised messages.
Moreover, this isn’t the first time that Booking.com has fallen victim to the occasional data breach.
In 2018, a phishing attempt led to the data of 4,000 customers in the UAE going into the wrong hands. Booking.com informed the Dutch Data Protection Authority almost a month too late and incurred a fine of €475,000.
Booking.com reported in 2024 that general phishing attacks on travellers had risen by 900%.
Have you ever been scammed on a travel website? Tell us in the comments.
I used booking for a recent hotel reservation. Received several email and WhatsApp messages indicating I needed to pay a fee to lock in the reservation. They had the reservation location and dates, but reservation number was incorrect. I contacted booking and the hotel; the hotel thought perhaps their system had been hacked. Booking never responded.