Booking.com Warns Irish Customers of Data Breach

Booking.com has contacted Irish customers to warn them that their personal information may have been accessed by unauthorised third parties as part of a data breach affecting the travel platform.

In an email sent to affected users with the subject line "Important Booking.com Security Update," the company confirmed it had detected suspicious activity affecting a number of reservations and had taken immediate action to contain the issue.

The email, a copy of which has been obtained by Cork Safety Alerts, states:

"Based on the findings of our investigation to date, accessed information could include booking details, names, emails, addresses, phone numbers, and anything that you may have shared with the property."

Booking.com said it has issued updated PIN codes to affected customers to secure their reservations.

The company warned that customers may be targeted by scammers impersonating either their accommodation provider or Booking.com itself. The email states that Booking.com will never ask customers to share credit card details by email, phone, SMS, or WhatsApp, and will never request a bank transfer different from the payment terms in the original booking confirmation.

Customers are also advised to be cautious before clicking on any links in emails that appear to come from a property or from Booking.com, and to install antivirus software on their devices as a precaution against phishing attempts.

Conor Scolard, Director of Cyber Resilience at cybersecurity firm Ekco, said the breach could affect many people in Ireland who have already booked summer travel.

"Unfortunately, those who received the security email alert from Booking.com could see an increase in attempted scams in the coming weeks.

Our advice to anyone who has received the email is to remain vigilant and question any communication about an upcoming or previous booking. In particular, anyone who receives apparent direct contact from their hotel should be on high alert."

Booking.com has not disclosed how many customers have been affected or when the breach took place. The company said the issue is now under control.

It is not the first time the Amsterdam-headquartered platform has faced security issues. In 2018, phishing attacks targeting hotel staff in the United Arab Emirates led to the data of over 4,000 customers being compromised. Booking.com was fined €475,000 by the Dutch Data Protection Authority for reporting that breach too late under GDPR rules.

Anyone with concerns about their Booking.com reservation is advised to contact Booking.com Customer Service directly through the contact details in their booking confirmation.