If you are a frequent user of Booking.com for hotel stays or flight tickets, your personal data might already be in the hands of cybercriminals. The global travel giant has officially confirmed a significant data breach where unauthorized third parties gained access to sensitive customer information.

According to a statement released by the company, hackers managed to infiltrate the system and access critical details including customer names, email IDs, home addresses, phone numbers, and specific booking itineraries. While the breach is extensive, Booking.com has reassured users that financial data and credit card information remain secure and were not compromised during the attack.

Spokesperson Courtney Camp stated that the company took immediate action upon discovering the breach, terminating the unauthorized access and resetting PINs for all affected bookings. Investigations revealed that the breach likely originated in 2024 via spyware installed on check-in computers at a hotel in the US, which provided a gateway to the platform’s servers. Although the total number of affected users hasn’t been disclosed, the company is urging travelers to remain vigilant against potential phishing attempts.