Booking.com Suffers Data Breach, Exposing Customer Reservation Details
On April 13, 2026, Booking.com confirmed that hackers accessed sensitive user data tied to travel reservations, including names, email addresses, phone numbers, and booking details. The company detected suspicious activity and acted swiftly to contain the breach, though it did not disclose the number of affected users or technical specifics of the attack.
Exposed information may also include any details shared with accommodations, such as addresses or additional booking-related data. While payment information remained secure, Booking.com reset reservation PINs as a precautionary measure. The company has notified impacted customers but has not confirmed whether the breach is linked to recent reports of scammers using legitimate reservation details to target users.
No evidence suggests attackers directly compromised Booking.com’s systems, though the investigation remains ongoing. The incident highlights the risk of phishing attempts, as fraudsters may exploit stolen data to impersonate the company via email, phone, or messaging platforms.
Booking.com cybersecurity rating report: https://www.rankiteo.com/company/booking.com
"id": "BOO1776112063",
"linkid": "booking.com",
"type": "Breach",
"date": "4/2026",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'industry': 'Travel and Hospitality',
'name': 'Booking.com',
'type': 'Company'}],
'customer_advisories': 'Notified impacted customers about the breach and '
'reset reservation PINs.',
'data_breach': {'personally_identifiable_information': 'Names, email '
'addresses, phone '
'numbers, addresses',
'sensitivity_of_data': 'High (PII and booking details)',
'type_of_data_compromised': 'Personal and reservation data'},
'date_detected': '2026-04-13',
'date_publicly_disclosed': '2026-04-13',
'description': 'On April 13, 2026, Booking.com confirmed that hackers '
'accessed sensitive user data tied to travel reservations, '
'including names, email addresses, phone numbers, and booking '
'details. The company detected suspicious activity and acted '
'swiftly to contain the breach, though it did not disclose the '
'number of affected users or technical specifics of the '
'attack. Exposed information may also include any details '
'shared with accommodations, such as addresses or additional '
'booking-related data. While payment information remained '
'secure, Booking.com reset reservation PINs as a precautionary '
'measure. The company has notified impacted customers but has '
'not confirmed whether the breach is linked to recent reports '
'of scammers using legitimate reservation details to target '
'users. No evidence suggests attackers directly compromised '
'Booking.com’s systems, though the investigation remains '
'ongoing. The incident highlights the risk of phishing '
'attempts, as fraudsters may exploit stolen data to '
'impersonate the company via email, phone, or messaging '
'platforms.',
'impact': {'brand_reputation_impact': 'Risk of phishing attempts and '
'fraudster impersonation',
'data_compromised': 'Names, email addresses, phone numbers, '
'booking details, addresses, '
'reservation-related data',
'identity_theft_risk': 'High',
'payment_information_risk': 'Low (payment information remained '
'secure)'},
'investigation_status': 'Ongoing',
'lessons_learned': 'Incident highlights the risk of phishing attempts and '
'fraudster impersonation using stolen data.',
'references': [{'source': 'Booking.com Incident Disclosure'}],
'response': {'communication_strategy': 'Notified impacted customers',
'containment_measures': 'Reset reservation PINs, notified '
'impacted customers',
'incident_response_plan_activated': 'Yes'},
'title': 'Booking.com Suffers Data Breach, Exposing Customer Reservation '
'Details',
'type': 'Data Breach'}