Belambra, Gîtes de France and Pierre & Vacances-Center Parcs: Gîtes de France among three booking websites to be hit by cyberattack

Cyberattacks Target French Tourism Sector, Exposing Millions of Booking Records

France’s tourism industry faced a wave of cyberattacks over the weekend, with three major booking platforms breached by a single hacker. The latest victim, Gîtes de France, confirmed unauthorized access to data from 389,000 clients who booked stays between 1995 and 2026. Exposed information includes names, contact details, booking dates, and locations but no financial data. Affected regions reportedly include Guadeloupe, Cantal, and Haute-Garonne, with impacted customers notified via email on May 18.

The attacks follow breaches at Pierre & Vacances-Center Parcs (1.6 million bookings compromised) and Belambra (41,000 detailed reports, 42,000 customer bookings, and 360,000 child-related data points). All three companies plan to file complaints with France’s public prosecutor and the CNIL (data protection authority).

The hacker, allegedly seeking to expose cybersecurity vulnerabilities, reportedly told French Breaches a site tracking cyber incidents that the motive was to highlight France’s weak defenses. The stolen data risks appearing on the dark web, increasing the likelihood of phishing scams targeting victims. Authorities warn that attackers may use the exposed details to lend credibility to fraudulent communications.

Source: https://www.connexionfrance.com/news/gtes-de-france-among-three-booking-websites-to-be-hit-by-cyberattack/791098

Belambra TPRM report: https://www.rankiteo.com/company/belambra

Gîtes de France TPRM report: https://www.rankiteo.com/company/gîtes-de-france

Pierre & Vacances-Center Parcs TPRM report: https://www.rankiteo.com/company/pierreetvacances

"id": "belgîtpie1779092832",
"linkid": "belambra, gîtes-de-france, pierreetvacances",
"type": "Breach",
"date": "5/2026",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"

{'affected_entities': [{'customers_affected': '389,000',
                        'industry': 'Tourism/Hospitality',
                        'location': 'France',
                        'name': 'Gîtes de France',
                        'type': 'Booking Platform'},
                       {'customers_affected': '1.6 million',
                        'industry': 'Tourism/Hospitality',
                        'location': 'France',
                        'name': 'Pierre & Vacances-Center Parcs',
                        'type': 'Booking Platform'},
                       {'customers_affected': '41,000 detailed reports, 42,000 '
                                              'customer bookings, 360,000 '
                                              'child-related data points',
                        'industry': 'Tourism/Hospitality',
                        'location': 'France',
                        'name': 'Belambra',
                        'type': 'Booking Platform'}],
 'customer_advisories': 'Affected customers notified via email on May 18',
 'data_breach': {'data_exfiltration': 'Yes',
                 'number_of_records_exposed': ['389,000 (Gîtes de France)',
                                               '1.6 million (Pierre & '
                                               'Vacances-Center Parcs)',
                                               '41,000 detailed reports, '
                                               '42,000 customer bookings, '
                                               '360,000 child-related data '
                                               'points (Belambra)'],
                 'personally_identifiable_information': 'Yes',
                 'sensitivity_of_data': 'Moderate',
                 'type_of_data_compromised': ['Names',
                                              'Contact details',
                                              'Booking dates',
                                              'Locations']},
 'description': 'France’s tourism industry faced a wave of cyberattacks over '
                'the weekend, with three major booking platforms breached by a '
                'single hacker. The latest victim, Gîtes de France, confirmed '
                'unauthorized access to data from 389,000 clients who booked '
                'stays between 1995 and 2026. The attacks follow breaches at '
                'Pierre & Vacances-Center Parcs and Belambra, with millions of '
                "records exposed. The hacker's motive was to highlight "
                'France’s weak cybersecurity defenses, and the stolen data '
                'risks appearing on the dark web.',
 'impact': {'brand_reputation_impact': 'Yes',
            'data_compromised': 'Yes',
            'identity_theft_risk': 'Yes',
            'legal_liabilities': 'Yes',
            'payment_information_risk': 'No'},
 'initial_access_broker': {'data_sold_on_dark_web': 'Potential risk'},
 'motivation': 'Highlight France’s weak cybersecurity defenses',
 'references': [{'source': 'French Breaches'}],
 'regulatory_compliance': {'legal_actions': 'Complaints filed with France’s '
                                            'public prosecutor and CNIL',
                           'regulations_violated': 'GDPR',
                           'regulatory_notifications': 'Yes'},
 'response': {'communication_strategy': 'Affected customers notified via email '
                                        'on May 18',
              'law_enforcement_notified': 'Yes'},
 'threat_actor': 'Single hacker',
 'title': 'Cyberattacks Target French Tourism Sector, Exposing Millions of '
          'Booking Records',
 'type': 'Data Breach'}