2026-04-17 17:06
publication
2026-04-17 17:06
Some users' data, such as e-mail addresses, phone numbers and reservation information, was leaked from Booking.com; while financial data, e.g. credit cards, remained safe – the platform's press office told PAP. CERT Polska confirmed that the leak included, among others: Polish users.
On Monday, foreign media, including the Guardian, began to report that there was a hacker attack on Booking.com, as a result of which the data of some users was leaked, and the platform was sending e-mails to the victims regarding this matter.
As reported by the Booking.com press office, as a result of the cybersecurity incident, only reservation data and user contact details, such as e-mail address and/or telephone number, were leaked from the platform. However, cybercriminals did not gain access to financial data – payment cards and credit cards, nor to customers' residential addresses.
“While the unauthorized access was quickly stopped, we are still assessing the impact. To date, we have determined that the majority of leaked information relates to prior reservations. As our customers remain our top priority, we have notified them immediately. We are also cooperating with law enforcement and data protection authorities, providing them with the information they need to further their investigation,” Booking.com said.
However, it did not answer questions about the date of the leak, its causes or its scale.
The CERT Polska team said that it had not received any reports regarding the incident at Booking.com, but “analysis of publicly available materials indicates that it also affects some Polish users.”
The team emphasized that the image of booking companies, in particular Booking.com, is very often used in phishing scenarios, which means that cybercriminals impersonate such platforms and try to extort data or money. “Such campaigns are most often of a mass nature and we do not clearly link them to the above-mentioned incident. However, the situation in cyberspace is dynamic and it may happen that information obtained from the leak will be used by fraudsters for further activities,” noted CERT Polska.
As reported by the Guardian, this is not the first incident of this type at Booking.com. In 2018, cybercriminals stole the login details of a platform employee from the United Arab Emirates and then gained access to the data of over 4,000 people. users. The platform then reported the leak to the Dutch data protection authority 22 days after the fact, and received a fine of PLN 475,000. euro.
Booking.com is one of the world's largest online platforms for booking accommodation, founded in 1996 in Amsterdam. It is currently owned by the American company Booking Holdings. The platform allows you to book over 28 million accommodations, including hotels, apartments, holiday homes and guesthouses, in 43 languages.
Monika Blandyna Lewkowicz (PAP)
mbl/pad/
