Booking.com Data Breach Sparks Concerns Over Customer Security
Some customers of Booking.com have been alerted that their personal information may have been accessed by unauthorized third parties, raising new concerns about the security of travelers’ data. The company, which operates over 28 million accommodation listings globally, connects travelers to hotels, apartments, and other properties across hundreds of countries, as well as flights, rental cars, and attractions.
In an email sent to affected customers overnight, the company stated that the information accessed could include “booking details, names, emails, addresses, phone numbers, and anything that you may have shared with the property.” The email also mentioned that the company noticed suspicious activity affecting several reservations and took immediate action to contain the issue.
“We recently noticed suspicious activity affecting a number of reservations and immediately took action to contain the issue,” the email said. “The security of your personal information is our utmost priority. We’ll continue to enhance and extend the robust security measures we have in place to secure your reservations with us.”
Booking.com has changed reservation PIN numbers to ensure bookings remain secure. The company also advised customers to take extra precautions, such as installing antivirus software, to protect against threats like phishing attempts — scams where criminals trick people into revealing personal or financial information by posing as trusted organizations.
A spokesperson for Booking.com confirmed that financial information was not accessed from its systems. However, it remains unclear how many customers have been affected.
Rising Scams Target Booking.com Users
The news comes as the travel giant has faced increased scrutiny following a sharp rise in complaints about lost money and damaged properties. This has occurred during an already uncertain time in the tourism sector due to the ongoing conflict in Iran.
Scams involving Booking.com customers have been on the rise, with Steve Atkin from Port Macquarie on the New South Wales mid-north coast being one of many targeted. He described his experience after receiving a call from someone impersonating a Booking.com staff member, leading to money being taken from his account and sent overseas.
Mr. Atkin said the incident began after he booked accommodation in Bali in December. He raised concerns about the property, chose to leave for another hotel, and requested a refund through Booking.com. A few days later, he was contacted by someone claiming to be a Booking.com customer service agent, responding to the refund request.
“He wanted my card details. I said if you’re a genuine Booking.com agent, you should already have that on file,” Mr. Atkin said. “I checked my bank account later and $100 had been deducted.”
He later contacted Booking.com, which informed him that the individual involved had never worked for the company and was not authorized to act on its behalf. Despite not providing his credit card details, Mr. Atkin was left puzzled about how the scammer obtained his information and managed to access his account.
“I didn’t give him my credit card details, my booking was made through Booking.com, so I have no idea how he got my details, why he knew about my refund request, or how he got my money,” he said. Mr. Atkin eventually received a refund for both the fraudulent transaction and his accommodation two months later.
“It was a very painful process — an absolute nightmare,” he added.
Growing Complaints Against Booking.com
Booking.com is the main brand for one of the world’s largest online travel companies. Its parent company, Booking Holdings, generated more than $38 billion in revenue last year and owns other well-known travel brands such as Agoda, Kayak, and Priceline.
In Australia, Booking.com is the most used online travel website, accounting for more than 30 per cent of online travel agent bookings, according to the latest IbisWorld report. National figures compiled by the ABC showed there were 842 complaints made about Booking.com to state and territory consumer bodies over the past two years.
However, the real number is much higher, but could not be calculated because Victoria, Western Australia, and the Northern Territory do not disclose complaints about individual companies.
The National Anti-Scam Centre reported that phishing scams swindled victims of more than $31 million last year. More than 65,000 scams were reported to Scamwatch in 2025, with the majority of victims over the age of 65.
Booking.com has warned customers that suspicious emails or phone calls may be from malicious actors impersonating the company or accommodation providers. It emphasized that it would never ask for credit card details over the phone, through text, or WhatsApp, or to make a bank transfer that differs from the payment policy details in the booking confirmation section.
[CONTACT SRT ZENDESK FORM]
