Overview
- Booking.com, which said Monday it detected suspicious activity, confirmed that unauthorized parties accessed some reservation records with names, emails, addresses and phone numbers.
- The company reset PINs tied to affected bookings, notified users, and filed a breach report with the Dutch data protection authority as required by EU rules.
- Early signs of misuse have surfaced, with user reports of WhatsApp messages that cite real trip details to trick recipients.
- Booking advises customers to ignore any off-platform requests for card data or transfers, enable two-factor authentication, and change passwords as a precaution.
- The scope, timing, and culprits remain unclear, and the incident follows a surge in phishing schemes and a prior Dutch fine in 2021 over an earlier leak.