https://www.abc.net.au/news/2026-04-13/booking-com-data-security-breach-personal-details/106557630
Booking.com has confirmed that hackers accessed customer data linked to travel reservations, prompting the company to force PIN resets and notify affected users directly via email. The company stated it “recently noticed suspicious activity affecting a number of reservations,” with attackers potentially gaining access to names, email addresses, phone numbers, and specific information customers may have shared with accommodations through the platform. The number of impacted users has not been disclosed, though the company assured that every affected individual will be notified individually and that customer support services are available around the clock.
Booking.com has insisted that financial information was not accessed in the breach. Affected customers received updated reservation PINs and were urged to exercise caution around suspicious emails and phone calls, with the company reminding users that it will never ask for sensitive information or request bank transfers. The platform’s built-in messaging system has previously been abused following hotel account compromises, turning legitimate conversations into delivery channels for payment scams — raising concerns that this incident could follow a similar pattern.
Even without financial data being taken, affected customers remain at significant risk. “Victims are still at risk of phishing, and these communications could be highly tailored given the attackers know about previous holiday bookings.”. Indeed, some users on Reddit have already reported being targeted by scammers who appear to possess private reservation information, including details such as booking references, travel dates, and hotel names. Enough to craft highly convincing and deceptive messages.