The online lodging booking service Booking.com experienced a security incident where unauthorized individuals accessed customer information. The company detected unusual behavior allowing third parties to view some users’ reservation details. Upon identification, Booking.com acted swiftly to mitigate the problem, reset access codes for impacted bookings, and notified affected individuals. Headquartered in Amsterdam, the platform features over 30 million lodging options globally and facilitates connections for millions of travelers seeking accommodations, transportation, and experiences. The firm did not disclose the number of affected users but confirmed that no financial data was compromised. In communications to customers, Booking.com indicated that intruders might have viewed reservation specifics, including names, email addresses, physical addresses, phone numbers, and any details shared with the property. This event adds to a pattern of cyber threats targeting Booking.com, which has faced increasing scams on its site, such as fraudsters requesting payment information for verification and then overcharging. In 2018, attackers employed phishing methods to obtain credentials from hotel staff in the United Arab Emirates, accessing data for over 4,000 users. Booking.com was fined €475,000 by Dutch authorities for delaying breach notification by 22 days. The sector at large is under pressure to address fake listings on reservation platforms. Booking.com is part of Booking Holdings, a U.S.-based corporation valued at $137 billion, which also operates OpenTable, Agoda, and Kayak. The parent company is based in Norwalk, Connecticut, with a global workforce exceeding 24,000.
