Booking.com customers, including some Australians, have been told their personal information may have been accessed by “unauthorised third parties”. With this breach in mind, should the travel industry be more worried than other sectors about cybercrime?
The company confirmed the cyber breach warning in an email to affected users on Monday night, saying exposed data could include booking details, names, emails, addresses, phone numbers and any information shared with accommodation providers, the ABC reported.
The total number of affected users has not been confirmed, but travellers are being urged to remain cautious of phishing scams and strengthen their online security.
Booking.com, which lists more than 28 million properties globally, said it has reset reservation PINs as a precaution. The company also stressed that no financial information was accessed from its systems.
“We recently noticed some suspicious activity involving unauthorised third parties being able to access some of our guests’ booking information,” a company spokesperson said.
“Upon discovering the activity, we took action to contain the issue. We have updated the PIN number for these reservations and informed our guests.
“We can confirm that financial information was not accessed from Booking.com’s systems.”
Adam Marré, Chief Information Security Officer at cybersecurity company, Arctic Wolf, said the incident highlighted how breaches can “quickly evolve” into something sinister.
“When attackers have access to real booking data, any follow-on messages or activity don’t feel suspicious,” said Marré, a former FBI agent.
“They line up with an actual trip or reservation, which makes people far more likely to trust them.
“It’s a pattern we’re seeing more often, where attackers focus on making their activity look legitimate and catching people at the right moment.”
Travel troubles
Marré added that the travel industry was particularly susceptible to this type of crime.
“In sectors like travel, where there are multiple handoffs between platforms, partners and customers, that creates more opportunities for attackers to step in,” he said.
“For consumers, it’s worth pausing before clicking on any unexpected messages, even if they reference a real booking, and going back to the platform directly to double-check.
“For organisations, it’s a reminder to keep tightening the basics, from identity controls to visibility across partner systems, so this kind of activity is picked up earlier.”
Last year, cyber criminals released Qantas customer data stolen during a call centre incident. The breach affected 5.7 million customer records.
KARRYON UNPACKS: Another reminder that even major booking platforms aren’t immune to cyber risks. For travellers and travel advisors, it’s about tightening habits: double-check emails, watch for phishing and keep client trust front and centre when digital systems get messy.
