Booking.com confirms customer data breach
Booking.com has confirmed a data breach that exposed customer names, emails, phone numbers, addresses and reservation details, creating phishing and privacy risks for affected users. The company’s acknowledgement follows forensic notices and raises exposure for travelers and partners whose contact and booking metadata were included (x.com).
Booking.com has confirmed that hackers accessed some customers’ reservation data and reset affected booking PIN codes in response. (techcrunch.com) Customers who got the notice were told the exposed information may include names, email addresses, phone numbers, street addresses, booking details, and messages shared with a property. Booking.com said it “immediately took action to contain the issue” after detecting suspicious activity involving unauthorized third parties. (abc.net.au) The company has not publicly said how many people were affected or how the intruders got in. Reporting published April 13 and April 14 said Booking.com was warning users to watch for phishing emails and phone calls tied to real reservations. (skift.com) That mix of contact details and trip information gives scammers a ready-made script. A caller or email sender who knows your hotel, dates, and reservation status can make a fake payment request look real. (techrepublic.com) Booking.com sits at the center of a huge travel network. Booking Holdings says its brands serve consumers and local partners in more than 220 countries and territories, which means reservation data can move among travelers, hotels, and platform systems before a trip begins. (bookingholdings.com) The company has dealt with breach scrutiny before. The Dutch Data Protection Authority fined Booking.com €475,000 in 2021 after criminals obtained data on more than 4,000 customers in a 2019 incident and the company reported it late. (autoriteitpersoonsgegevens.nl) Booking.com’s own partner security guidance says hotel partners often have access to guest names, addresses, credit card details, and phone numbers, and warns them about phishing and email spoofing. That history has kept attention on whether travel breaches start with the platform itself or with a partner account further down the chain. (booking.com) For travelers, the practical change is simple: a real booking reference is no longer enough to trust a message. Booking.com’s latest warning turns routine reservation emails and calls into something customers now have to verify before they act. (forbes.com)
