Booking.com confirmed hackers gained unauthorized access to customer reservation data in a cybersecurity breach that exposed personal information including names, email addresses, phone numbers, and booking details.
The Amsterdam-headquartered travel platform began notifying affected users Sunday evening about suspicious activity linked to certain reservations. The company declined to specify how many customers were impacted or when the breach occurred.
We recently noticed suspicious activity affecting a number of reservations and immediately took action to contain the issue. The security of your personal information is our utmost priority.
Booking.com — Email to affected customers
Exposed information may include booking details, names, email addresses, home addresses, phone numbers and any notes guests shared directly with accommodations. The company emphasized that financial information and credit card data were not accessed during the incident.
Booking.com reset PIN numbers for all affected reservations and stated the situation is now under control. The platform connects millions of travelers with over 30 million accommodation venues worldwide through its reservation system.
The Guardian frames this as part of a concerning pattern of cybersecurity failures at Booking.com, emphasizing the company's history of breaches and regulatory fines. Their coverage highlights the broader industry problem of fake listings and scams, positioning this incident within systemic platform security weaknesses rather than as an isolated event.