Booking.com Warns Customers After Reservation Data Breach

What happened

Booking.com warned customers after hackers accessed reservation data tied to an unspecified number of bookings. The Amsterdam-headquartered company began emailing affected users on Sunday evening about suspicious activity and later confirmed the incident publicly the same day. Booking.com said the exposed information may include booking details, names, email addresses, home addresses, phone numbers, and any extra notes guests shared directly with their accommodation. The company said no payment or credit card information was accessed. It has not disclosed how many reservations were affected or when the breach took place. 

Who is affected

The direct exposure affects Booking.com customers whose reservation data was included in the incident. The company said all affected customers were contacted directly and that the PINs for impacted reservations have been reset.

Why CISOs should care

This incident matters because it involves reservation data that can support follow-on scams even without payment card exposure. Names, booking details, contact information, and guest notes can give attackers enough context to make fraudulent travel-related messages appear legitimate. It also shows how travel platforms remain exposed to customer-trust risk when reservation workflows are compromised. 

3 practical actions

  1. Warn affected users about follow-on scams: Alert customers and support teams that exposed reservation details could be used in convincing phishing or fake booking-payment messages. 
  2. Review reservation-data minimization: Reassess whether booking platforms and connected properties are collecting or storing more guest information and free-text notes than necessary. 
  3. Treat PIN resets as a containment signal: Use forced reservation PIN resets and direct notification as immediate containment steps when booking-specific data is exposed. 

John Kevin Hao is a news and feature writer covering cybersecurity, technology, and business for professional audiences.