Booking.com Data Breach: Customer Information Exposed
- Booking.com announced on April 13, 2026, that unauthorized third parties gained access to customer booking information in a data breach.
- While the company has not disclosed the total number of affected customers, it has begun notifying guests and taking steps to contain the incident.
- Booking.com stated that financial information was not accessed during the breach.
Booking.com announced on April 13, 2026, that unauthorized third parties gained access to customer booking information in a data breach. The Amsterdam-based platform identified suspicious activity
that allowed these parties to access specific guest details.
While the company has not disclosed the total number of affected customers, it has begun notifying guests and taking steps to contain the incident.
Scope of Compromised Data
Booking.com stated that financial information was not accessed during the breach. However, other booking-related data may have been exposed.
According to company communications, the accessed information could include names, email addresses, phone numbers, and physical addresses associated with bookings. Any additional data that customers shared directly with their chosen accommodation providers may also be at risk.
Mitigation and Response
Upon discovering the unauthorized access, Booking.com worked to contain the issue. The company updated the pin numbers for the affected reservations as part of its security response.

The platform connects millions of travelers with transport and lodging. Reports on the scale of its listings vary, with some sources stating the platform lists more than 2 million properties globally, while others cite more than 30 million accommodation venues.
Phishing Risks and Fraud Trends
The data breach has coincided with a wave of travel-related phishing attacks. Reports indicate that users are receiving fraudulent emails, phone calls, and WhatsApp messages targeting upcoming travel bookings.
This incident follows a period where Booking.com has struggled with a rise in online scams. In those instances, fraudsters have requested payment details from users to pre-authorize or verify trips, subsequently charging high amounts.
Customer Concerns
Some customers have expressed frustration over the clarity of the company’s communications. A UK-based customer reported on April 12, 2026, that the notification they received lacked concrete information regarding exactly what data had been stolen.
I find it unacceptable that this crucial information is not clearly stated anywhere in your communication or support channels. Instead of being able to speak to a real person and obtain a straightforward answer, I am being forced to deal with automated systems and AI responses, which do not address my specific concern.
UK Booking.com customer via Xolvie
The customer specifically questioned whether credit or debit card details were accessed, copied, or misused, and requested a direct written statement regarding the actual scope of the breach as it related to their account.
