Customer info potentially compromised after Booking.com suffers data breach
Calista Wong
The Straits Times
April 15, 2026
Unauthorised parties may have accessed customers’ information after travel booking platform Booking.com suffered a data breach.
In an e-mail sent to its users and seen by The Straits Times on April 15, the platform said it “recently noticed suspicious activity affecting a number of reservations”.
Its investigations revealed that accessed information could include booking details, names, e-mail addresses and phone numbers associated with the booking, and anything that customers have shared with the property they made a reservation for. Financial information was not accessed from its systems, it said.
In response to queries, Booking.com said in a statement on April 15 that customers’ home addresses were not accessed from its systems either.
“We have dedicated teams and employ machine learning tooling to monitor, detect and block suspicious activity around the clock and continuously work to enhance the robust security measures we have in place,” it added.
It did not provide further details on the scale of the breach, such as the number of customers affected.
The platform has since sent new PINs for users with reservations, adding that it “immediately took action to contain the issue”.
It warned customers to watch out for suspicious e-mails or phone calls posing as the property or Booking.com, saying that it would never ask for credit card details through e-mail, over the phone, through text, or via WhatsApp.
Booking.com also urged users to set up security protocols, such as an antivirus program, on their devices to stay safe from phishing attempts.
“The security of your personal information is our utmost priority. We’ll continue to enhance and extend the robust security measures we have in place to secure your reservations with us,” the e-mail added.
Some Booking.com users previously received e-mails or messages from the platform’s in-app chat function from scammers posing as hotel representatives. The scammers would ask the victims to access a fraudulent link to verify their reservation, which would then prompt them to share their personal and banking details.
See something interesting? Contribute your story to us.
Explore more on these topics
