Booking.com Warns Customers of Data Breach Affecting Guest Information
AI-generated from multiple sources. Verify before acting on this reporting.
AMSTERDAM — Booking.com announced on Sunday that unauthorized third parties gained access to some guest booking information, prompting the travel platform to issue a warning to affected customers.
The Amsterdam-based company disclosed the security incident in a statement released on April 13, 2026. The breach involved the exposure of personal data linked to specific reservations, though the company has not yet specified the total number of users impacted or the precise categories of information compromised.
Booking.com stated that the unauthorized access was detected through routine security monitoring. The company is cooperating with relevant authorities to investigate the scope of the incident. Customers whose data may have been accessed are being notified directly.
The travel giant, which operates one of the world's largest online travel agencies, manages millions of bookings annually across hundreds of thousands of properties globally. The incident marks a significant security challenge for the platform, which relies heavily on user trust to facilitate transactions between travelers and accommodation providers.
In its public communication, Booking.com advised customers to remain vigilant for suspicious activity and to review their account settings. The company recommended that users change their passwords and enable two-factor authentication where available. No evidence of financial fraud or identity theft has been confirmed at this stage.
Cybersecurity experts have noted that travel and hospitality sectors remain frequent targets for data breaches due to the volume of personal and payment information they store. Previous incidents in the industry have involved the exposure of names, email addresses, phone numbers, and booking details.
Booking.com has not provided details on how the unauthorized access was achieved or whether the attackers remain active within the company's systems. The company is working to strengthen its security protocols and prevent future incidents.
The breach comes amid heightened scrutiny of data protection practices across the technology sector. Regulatory bodies in the European Union, where Booking.com is headquartered, enforce strict rules under the General Data Protection Regulation (GDPR) regarding the handling of personal information.
Affected customers are expected to receive further updates as the investigation progresses. Booking.com has established a dedicated support channel to address inquiries related to the incident.
Questions remain regarding the full extent of the data exposed and whether any sensitive financial information was compromised. The company has not yet disclosed if the breach was the result of a targeted attack or a broader security vulnerability. Further details are anticipated as the investigation continues.