abusesaffiliationarrow-downarrow-leftarrow-rightarrow-upattack-typeburgerchevron-downchevron-leftchevron-rightchevron-upClock iconclosedeletedevelopment-povertydiscriminationdollardownloademailenvironmentexternal-linkfacebookfiltergenderglobegroupshealthC4067174-3DD9-4B9E-AD64-284FDAAE6338@1xinformation-outlineinformationinstagraminvestment-trade-globalisationissueslabourlanguagesShapeCombined Shapeline, chart, up, arrow, graphLinkedInlocationmap-pinminusnewsorganisationotheroverviewpluspreviewArtboard 185profilerefreshIconnewssearchsecurityPathStock downStock steadyStock uptagticktooltiptwitteruniversalityweb
Story

27 Mar 2023

Phishing attacks targeting Booking.com customers reveal that sensitive data continues to be exposed

In February 2023, another Booking.com customer was targeted with multiple phishing attempts which feature near-real replicas of the Booking.com webpage. The customer had booked a hotel through the platform for his trip to Italy, and he received two emails and a WhatsApp message from scammers attempting to steal additional personal information. The phishing emails contained his full name, the confirmation number of his reservation, the correct name of the hotel, and the dates of his stay.

Similar incidents have affected Booking.com customers since 2018, and the company continually states that it has not experienced any security breaches. After this most recent incident, the company replied that it has "been made aware that some accommodation partners have been targeted by phishing emails, which unfortunately has led to their systems becoming compromised." The company also states that it is taking action to resolve issues with those accommodation partners, but the source of the continued data leaks remains unknown.

Data breaches containing people's personally identifiable information, including the location of where they will be travelling, are a breach of the right to privacy and risk fraud and unwarranted surveillance.

The Business & Human Rights Resource Centre contacted Booking.com concerning these allegations but the company did not reply.

Company Responses

Booking.com

No Response

Timeline

Privacy information

This site uses cookies and other web storage technologies. You can set your privacy choices below. Changes will take effect immediately.

For more information on our use of web storage, please refer to our Data Usage and Cookies Policy

Strictly necessary storage

ON
OFF

Necessary storage enables core site functionality. This site cannot function without it, so it can only be disabled by changing settings in your browser.

Analytics cookie

ON
OFF

When you access our website we use Google Analytics to collect information on your visit. Accepting this cookie will allow us to understand more details about your journey, and improve how we surface information. All analytics information is anonymous and we do not use it to identify you. Google provides a Google Analytics opt-out add on for all popular browsers.

Promotional cookies

ON
OFF

We share news and updates on business and human rights through third party platforms, including social media and search engines. These cookies help us to understand the performance of these promotions.

Your privacy choices for this site

This site uses cookies and other web storage technologies to enhance your experience beyond necessary core functionality.