Sunweb Group, a travel company, confirmed a data breach after attackers sent phishing emails to its customers, impersonating the company and requesting fake payments under the threat of holiday cancellations. The breach originated from Sunweb’s compromised network, where attackers stole customer data, including names, email addresses, phone numbers, and booking details (travel dates, destinations, etc.). However, sensitive information such as credit card details, passwords, and ID/passport data remained secure. The incident was contained after an investigation, and Sunweb reported the breach to the Dutch Supervisory Authority. Affected systems were secured with additional (unspecified) measures, and customers were advised to monitor for fraudulent transactions and contact their banks if targeted. While the breach did not expose financial or highly sensitive personal data, the stolen booking and contact details were exploited for follow-up phishing attacks, posing reputational and fraud risks. Sunweb did not disclose the number of affected individuals or whether identity theft protection services would be offered. The company emphasized the incident was fully contained and committed to further communication with impacted customers.
TPRM report: https://www.rankiteo.com/company/sunweb-group
"id": "sun2592625100725",
"linkid": "sunweb-group",
"type": "Breach",
"date": "10/2025",
"severity": "60",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'industry': 'Travel & Tourism',
'location': 'Netherlands',
'name': 'Sunweb Group',
'type': 'Travel Agency'}],
'attack_vector': 'Phishing (via hacked third-party email server)',
'customer_advisories': 'Urged to contact banks if tricked by phishing emails',
'data_breach': {'data_exfiltration': True,
'personally_identifiable_information': ['Names',
'Email addresses',
'Phone numbers'],
'sensitivity_of_data': 'Moderate (no financial/PII like '
'passwords or ID documents)',
'type_of_data_compromised': ['Personal data',
'Booking information']},
'description': 'Sunweb Group confirmed a cyberattack and data breach where '
'attackers stole contact and booking details (names, email '
'addresses, phone numbers, travel dates, destinations) but not '
'sensitive ID or payment data. The breach was triggered by '
"phishing emails urging customers to 'confirm details and make "
"a payment' under threat of holiday cancellation. The incident "
'was fully contained, and Sunweb reported it to Dutch '
'authorities while advising affected customers to contact '
'their banks.',
'impact': {'brand_reputation_impact': 'Potential reputational harm due to '
'phishing scams targeting customers',
'data_compromised': ['Names',
'Email addresses',
'Phone numbers',
'Booking information (travel dates, '
'destinations)'],
'identity_theft_risk': 'Low (no sensitive ID/payment data exposed)',
'operational_impact': 'Systems temporarily closed for containment',
'payment_information_risk': 'Low (no credit card/password data '
'exposed)'},
'investigation_status': 'Contained; follow-up communications in progress',
'motivation': 'Fraud (fake payment requests)',
'post_incident_analysis': {'corrective_actions': ['Additional security '
'measures implemented '
'(unspecified)']},
'recommendations': ['Customers advised to contact banks to block fraudulent '
'transactions',
'Vigilance against phishing emails'],
'references': [{'source': 'TechRadar'}],
'regulatory_compliance': {'regulatory_notifications': ['Dutch Supervisory '
'Authority']},
'response': {'communication_strategy': ['Customer notifications',
'Follow-up communications planned',
'Public advisory on website'],
'containment_measures': ['Systems closure',
'Additional security measures '
'(unspecified)'],
'incident_response_plan_activated': True},
'stakeholder_advisories': 'Customers notified; Dutch authorities informed',
'title': 'Sunweb confirms data breach after phishing emails targeted '
'customers with fake payment requests',
'type': ['Data Breach', 'Phishing Attack']}