Booking.com has issued a notification to certain customers indicating that their personal information may have been accessed by unauthorized third parties. The specifics regarding the number of affected individuals and whether credit card information has been compromised remain unclear.
Customers have been advised against disclosing their credit card information via email, over the phone, or through messaging applications such as WhatsApp. This alert raises new concerns regarding the security of sensitive data for travelers who utilize the platform.
The company, which boasts over 28 million listings for accommodations worldwide, facilitates connections between travelers and various lodging options, including hotels and apartments, in addition to providing services for flights, car rentals, and local attractions.
In an email dispatched to those impacted, Booking.com mentioned that the compromised information could encompass booking details, names, email addresses, physical addresses, phone numbers, and any other data shared with the accommodation providers. “We have recently detected suspicious activity related to some reservations and have taken immediate steps to address the situation,” the email stated.
The company emphasized its commitment to the security of customer information, stating, “The protection of your personal data remains our highest priority. We will continue to improve and expand our comprehensive security measures to safeguard your reservations.”
In response to the incident, the company has altered reservation PIN numbers to enhance security. Customers are also encouraged to adopt additional protective measures, such as installing antivirus software, to mitigate risks associated with phishing scams, where fraudsters impersonate trusted entities to extract personal or financial information.
Efforts to contact Booking.com for further clarification have been made, but details regarding the extent of the breach or potential credit card compromises remain unknown.
This notification comes at a time when the travel industry is experiencing heightened scrutiny due to an increase in complaints regarding financial losses and property damage, compounded by the ongoing uncertainties stemming from the conflict in Iran.
Steve Atkin, a customer from Port Macquarie, New South Wales, shared his experience with a scam targeting Booking.com users. He expressed his frustration after receiving a call from someone posing as a Booking.com representative, which resulted in unauthorized withdrawals from his account. This incident occurred after he booked accommodation in Bali last December and subsequently requested a refund due to issues with the property.
Atkin reported that he received a phone call a few days later from an individual claiming to be a customer service agent for Booking.com, who asked for his credit card details. “If you are a legitimate agent, you should already have that information,” Atkin recalled responding. Upon checking his bank account later, he discovered a deduction of $100.
After reaching out to Booking.com, he was informed that the caller had never been associated with the company and was unauthorized to act on its behalf. Atkin stated, “I didn’t provide my credit card details, and since my booking was through Booking.com, I don’t understand how he acquired my information or why he was aware of my refund request.”
Eventually, Atkin received a refund for both the fraudulent charge and his accommodation costs, but noted that the entire process was arduous and distressing.
Booking.com operates under Booking Holdings, one of the largest online travel companies globally, which reported over $38 billion in revenue last year. The parent company also owns other prominent brands, including Agoda, Kayak, and Priceline.
In Australia, Booking.com is the leading online travel website, capturing more than 30 percent of online bookings, according to the latest data from IbisWorld. National statistics compiled by ABC revealed 842 complaints against Booking.com submitted to consumer protection agencies across various states and territories over the last two years. However, the true figure is likely higher, as certain regions, including Victoria and Western Australia, do not disclose complaints about specific companies.
The National Anti-Scam Centre reported that phishing scams defrauded victims of more than $31 million in the previous year. Scamwatch received over 65,000 reports of scams in 2025, with a significant number of victims being individuals aged 65 and older.
In light of these developments, Booking.com has cautioned customers to be vigilant for suspicious emails or phone calls that may originate from malicious actors impersonating the company or its accommodation partners. The company reiterated that it would never solicit credit card information via phone, text, or WhatsApp, or request bank transfers that deviate from the payment policies outlined in the booking confirmation.
