News

As Booking.com suffers data breach, former FBI agent warns of travel sector vulnerability

Imogen Wilhelmi
Imogen Wilhelmi
Office premises of the online travel agent Booking.com in Amsterdam, Netherlands
Office premises of Booking.com in Amsterdam, Netherlands. Photo: Nigel Harris via iStock

Booking.com customers have been warned that their personal information may have been accessed by ‘unauthorised third parties’ in the latest data breach to rock the travel retailer.

The popular reservation platform confirmed on Monday that hackers had accessed some customers’ personal data including names, email addresses, phone numbers and booking details. 

In an email to affected customers, Booking.com said that information associated with a previous reservation, and anything that they had shared with accommodation providers had been breached. 

A spokesperson for Booking.com said that security measures had been put in place to contain the issue.

“At Booking.com, we are dedicated to the security and data protection of our guests. We recently noticed some suspicious activity involving unauthorised third parties being able to access some of our guests’ booking information.

“Upon discovering the activity, we took action to contain the issue. We have updated the PIN number for these reservations and informed our guests. We can confirm that financial information was not accessed from Booking.com’s systems.”

Headquartered in Amsterdam, the company hosts more than 30 million accommodation listings worldwide. The latest incident comes after Booking.com reported a 900 per cent increase in travel scams from 2023 to 2024.

Protecting travel plans

Former FBI agent Adam Marré said that this incident is an example of how situations can quickly evolve beyond an initial breach.

“When attackers have access to real booking data, any follow-on messages or activity don’t feel suspicious. They line up with an actual trip or reservation, which makes people far more likely to trust them.
“It’s a pattern we’re seeing more often, where attackers focus on making their activity look legitimate and catching people at the right moment… cyber criminals count on flaws in human nature for success, and adding real-world context like this only increases their chances,” he said.
The chief security officer at Arctic Wolf, a global cybersecurity company, Marré says that the travel industry is particularly vulnerable to these kinds of attacks.
“In sectors like travel, where there are multiple handoffs between platforms, partners and customers, that creates more opportunities for attackers to step in,” he said. 
But how can customers and advisors keep their data protected? Marré says it is a matter of staying alert and tightening travel booking systems.
“For consumers, it’s worth pausing before clicking on any unexpected messages, even if they reference a real booking, and going back to the platform directly to double check.
“For organisations, it’s a reminder to keep tightening the basics, from identity controls to visibility across partner systems, so this kind of activity is picked up earlier.”

Latest News

AirAsia aircraft parking.
AirAsia suspends Melbourne and Adelaide flights to Bali amid fuel cost pressures
Trip.com Group unveils new bundled booking feature.
Trip.com Group unveils new bundled booking feature for hotels at exclusive event
Trafalgar river Spotlight Savings offers 30-50% off 2026 Christmas market river cruises
Viking launches its deals of the week.
Viking launches its river, ocean, and expedition deals of the week