abusesaffiliationarrow-downarrow-leftarrow-rightarrow-upattack-typeburgerchevron-downchevron-leftchevron-rightchevron-upClock iconclosedeletedevelopment-povertydiscriminationdollardownloademailenvironmentexternal-linkfacebookfiltergenderglobegroupshealthC4067174-3DD9-4B9E-AD64-284FDAAE6338@1xinformation-outlineinformationinstagraminvestment-trade-globalisationissueslabourlanguagesShapeCombined Shapeline, chart, up, arrow, graphLinkedInlocationmap-pinminusnewsorganisationotheroverviewpluspreviewArtboard 185profilerefreshIconnewssearchsecurityPathStock downStock steadyStock uptagticktooltiptwitteruniversalityweb

This page is not available in Italiano and is being displayed in English

Story

27 Mar 2023

Phishing attacks targeting Booking.com customers reveal that sensitive data continues to be exposed

In February 2023, another Booking.com customer was targeted with multiple phishing attempts which feature near-real replicas of the Booking.com webpage. The customer had booked a hotel through the platform for his trip to Italy, and he received two emails and a WhatsApp message from scammers attempting to steal additional personal information. The phishing emails contained his full name, the confirmation number of his reservation, the correct name of the hotel, and the dates of his stay.

Similar incidents have affected Booking.com customers since 2018, and the company continually states that it has not experienced any security breaches. After this most recent incident, the company replied that it has "been made aware that some accommodation partners have been targeted by phishing emails, which unfortunately has led to their systems becoming compromised." The company also states that it is taking action to resolve issues with those accommodation partners, but the source of the continued data leaks remains unknown.

Data breaches containing people's personally identifiable information, including the location of where they will be travelling, are a breach of the right to privacy and risk fraud and unwarranted surveillance.

The Business & Human Rights Resource Centre contacted Booking.com concerning these allegations but the company did not reply.