Online travel giant Booking.com has warned customers that “unauthorised third parties” may have accessed personal booking data, raising fresh concerns about cybersecurity risks across the travel sector.
Booking.com confirmed it detected suspicious activity on April 12 affecting a number of reservations and moved quickly to contain the issue. Customers impacted by the incident were contacted directly and advised that information such as names, email addresses, phone numbers, booking details and any messages exchanged with accommodation providers may have been exposed.
Booking.com stressed that financial data was not accessed from its systems, although it has not disclosed how many users may have been affected. The company has since reset reservation PINs and implemented additional safeguards to secure bookings.
In its communication to customers, Booking.com urged travelers to remain vigilant against phishing attempts, warning them not to share credit card details via email, phone, text or messaging platforms.
The breach highlights the growing sophistication of cybercriminals targeting the travel ecosystem, often exploiting trusted platforms to gain access to sensitive customer information.
The incident comes amid a broader rise in scams linked to online travel bookings, with fraudsters increasingly impersonating legitimate companies or accommodation providers to extract payment details. Industry observers note that even limited data exposure—such as reservation details—can be enough to facilitate convincing phishing attacks.
Booking.com said it is continuing to enhance its security measures and monitor for further suspicious activity. However, the lack of clarity around the scale and origin of the breach is likely to keep pressure on the company and the wider online travel sector.
