Booking.com Data Breach Exposes Customer Reservation Information

Severity: High (Score: 63.0)

Sources: Feeds2.Feedburner, Uk.Pcmag, Cxtoday, Theguardian, Insurancebusinessmag

Summary

On April 13, 2026, Booking.com confirmed a data breach where unauthorized third parties accessed customer reservation details, including names, email addresses, phone numbers, and booking information. The breach has raised concerns about potential phishing scams targeting affected users, as the exposed data can be used to craft convincing fraudulent communications. Booking.com has reset PINs for affected reservations and advised customers to remain vigilant against suspicious emails and messages. The company has not disclosed the number of customers impacted or the specific method of the attack, but it emphasized that financial data was not compromised. Reports indicate that some users have already received phishing attempts referencing their booking details. This incident follows a history of similar breaches and scams targeting the travel sector, highlighting ongoing vulnerabilities in online travel platforms. Key Points: • Unauthorized access to customer reservation data at Booking.com confirmed on April 13, 2026. • Exposed data includes names, emails, phone numbers, and booking details, raising phishing risks. • Booking.com has reset PINs for affected reservations and is investigating the breach.

Key Entities

• Data Breach (attack_type)
• Malware (attack_type)
• Phishing (attack_type)
• Supply Chain Attack (attack_type)
• Click-fix (campaign)
• Click-fix Phishing Campaign (campaign)
• United Arab Emirates (country)
• Booking.com (company)
• dutchnews.nl (domain)
• PcTattletale (malware)
• T1041 - Exfiltration Over C2 Channel (mitre_attack)
• T1195 - Supply Chain Compromise (mitre_attack)
• T1566.002 - Spearphishing Link (mitre_attack)
• T1566 - Phishing (mitre_attack)
• WhatsApp (platform)