On April 13, 2026, Booking.com confirmed a security incident in which unauthorized third parties accessed customers’ booking information. The company began notifying affected users via email as early as April 12, warning them of the potential exposure of personal and reservation details. The data breach primarily affected booking information. The exposed data reportedly pertains to millions of users, and includes full names, email addresses, postal addresses, phone numbers, communications shared with property providers, and many other detail information that can be used to package fraudulent phishing attacks. The potential financial damage to victims can be significant, given the scale of the data breach. The company has implemented mitigation actions such as Immediate containment of the suspicious activity, resetting PIN codes for all impacted bookings to secure reservations and prevent misuse of old confirmation numbers, direct email notifications to affected users, providing the new PIN and guidance on next steps, enhanced monitoring and security strengthening measures. Further investigations are underway in addition to continuous monitoring of scam and phishing attempts targeting platform users and travelers.
We build advanced cybersecurity solutions.
Discover our cutting-edge AI-driven solutions for cyber threat prevention, detection and mitigation.