Booking.com Hit by Latest Data Breach, Exposing Customer Booking Details
Booking.com has confirmed a data breach in which unauthorized third parties accessed customer booking information. The company detected "suspicious activity" and responded by securing affected reservations and notifying impacted guests, though the exact number of those affected remains undisclosed.
According to an email sent to customers, the breach may have exposed booking details, including names, email addresses, phone numbers, and any additional information shared with accommodations. Financial data was reportedly not compromised. The incident follows a pattern of cybersecurity issues for the platform, including a 2025 scam where fraudsters tricked customers into providing payment details and a 2018 phishing attack in the UAE that exposed over 4,000 customers’ data. The latter resulted in a €475,000 fine from Dutch regulators for delayed reporting.
Founded in Amsterdam in 1996, Booking.com serves millions of travelers globally, connecting users to over 28 million accommodation listings. The breach occurs amid heightened scrutiny of hospitality industry cybersecurity, including recent high-profile incidents at Marriott International, which faced multiple breaches affecting hundreds of millions of customers. In 2024, the FTC required Marriott and its subsidiary Starwood to implement stricter data security measures, including customer data deletion options and loyalty point restoration, alongside a $52 million penalty.
Booking.com has not provided further details on the investigation or additional preventive measures.
Source: https://www.newsweek.com/data-breach-booking-major-travel-website-customer-information-11832390
Booking.com cybersecurity rating report: https://www.rankiteo.com/company/booking.com
"id": "BOO1776263987",
"linkid": "booking.com",
"type": "Breach",
"date": "4/2026",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"
{
    'affected_entities': [
        {
            'industry': 'Hospitality/Travel',
            'location': 'Amsterdam, Netherlands',
            'name': 'Booking.com',
            'size': 'Large (serves millions of travelers globally)',
            'type': 'Company'
        }
    ],
    'customer_advisories': 'Notified impacted guests via email',
    'data_breach': {
        'personally_identifiable_information': 'Yes',
        'sensitivity_of_data': 'Moderate to High (PII exposed)',
        'type_of_data_compromised': [
            'Names',
            'Email addresses',
            'Phone numbers',
            'Additional booking information'
        ]
    },
    'description': 'Booking.com has confirmed a data breach in which unauthorized third parties accessed customer booking information. The company detected suspicious activity and responded by securing affected reservations and notifying impacted guests. The breach may have exposed booking details, including names, email addresses, phone numbers, and any additional information shared with accommodations. Financial data was reportedly not compromised.',
    'impact': {
        'data_compromised': 'Booking details (names, email addresses, phone numbers, additional information shared with accommodations)',
        'identity_theft_risk': 'High',
        'payment_information_risk': 'None (financial data not compromised)'
    },
    'investigation_status': 'Ongoing',
    'references': [{'source': 'Booking.com customer email'}],
    'regulatory_compliance': {
        'fines_imposed': '€475,000 (2018 incident)',
        'regulations_violated': ['GDPR (delayed reporting in 2018 incident)']
    },
    'response': {
        'communication_strategy': 'Notified impacted guests via email',
        'containment_measures': 'Secured affected reservations',
        'incident_response_plan_activated': 'Yes'
    },
    'title': 'Booking.com Data Breach Exposing Customer Booking Details',
    'type': 'Data Breach'
}