Booking.com has confirmed a data breach in which unauthorised parties accessed customers' booking information. The platform detected suspicious activity involving third parties gaining access to reservation details, including names, contact information, and booking specifics.
The company stated that financial information was not compromised and that it has updated PIN numbers for affected reservations and notified impacted guests. Booking.com declined to disclose the number of customers affected.
This incident is part of a series of cybercrime attempts targeting the platform. In recent months, fraudsters have been contacting customers to request payment details for pre-authorisation before trips, leading to high charges. In 2018, criminals used phishing to steal hotel employee login details in the UAE, accessing data of over 4,000 people.
Booking.com reported the breach to the Dutch privacy regulator 22 days late, resulting in a €475,000 fine. The wider travel industry faces calls to address fake listings on booking websites.
