Booking.com Confirms Data Breach Affecting Customer Reservation Details View the full story via Google News
Booking.com has confirmed that unauthorized third parties gained access to sensitive customer data, marking a significant security challenge for the global travel platform. On Sunday, April 12, 2026, the company notified affected users via email, stating that suspicious activity had been detected involving a number of reservations.
The breach potentially exposed a wide array of personal information. According to the company’s notifications, the compromised data may include customer names, email addresses, physical addresses, linked phone numbers, and specific booking details, as well as other information shared with the accommodations. This incident underscores the growing vulnerability of digital travel infrastructure to sophisticated cyberattacks.
While Booking.com asserted on the evening of April 12, 2026, that the situation is now under control and that impacted guests have been informed, the company has remained tight-lipped regarding the scale of the breach. Specifics concerning the exact timing of the intrusion and the total number of affected customers were not included in the communications, and the company has declined to provide further clarification on these points.
This latest incident follows a pattern of escalating fraud targeting the platform. Data from the Dutch Fraud Helpdesk reveals a sharp rise in victims: reports jumped from 89 cases totaling nearly 25,000 euros in 2024 to approximately 200 victims with losses reaching 65,400 euros in 2025. Activity has continued into early 2026, with thousands of additional victims reported across Singapore, France, and the United Kingdom.
Security experts, including ethical hacker Sijmen Ruwhof, have highlighted the methods used by criminals to exploit the system. Hackers frequently hijack official hotel accounts to send convincing messages to guests via the app, often claiming a deposit is missing and providing a fraudulent payment link. Ruwhof noted that “Criminals use AI tools to replicate hotel emails, signatures, logos, and other recognizable details almost perfectly,” allowing them to pose as hotels through WhatsApp or email once they have secured contact details.
In response to these threats, Booking.com stated it has addressed the issues and implemented stronger security measures. Still, the company continues to advise customers to remain vigilant, carefully review their reservation communications, and stay alert for potential phishing attempts.
