:

BOOKING.COM CONFIRMS CUSTOMER DATA BREACH

SECURITY DESK2 MIN READ
TUE, APR 14, 2026

■ AI-SUMMARIZED FROM 1 SOURCE ▸ TIMELINE

Booking.com has notified customers that hackers accessed personal data in a security incident. The compromised information includes names, emails, physical addresses, and phone numbers.

The travel booking platform confirmed the breach affecting an unspecified number of users. The company's notification did not specify the breach timeline or the total number of affected customers. ■ What Was Accessed According to the company's disclosure, the exposed data includes: - Full names - Email addresses - Physical addresses - Phone numbers Booking.com did not indicate whether payment information, passport details, or other sensitive travel data were compromised in the incident. ■ Company Response The platform is investigating the security incident and has notified affected users directly. Customers were advised to monitor their accounts for suspicious activity and consider changing their passwords. Booking.com did not immediately provide details about how the breach occurred, whether a ransom was demanded, or if law enforcement was involved in the investigation. ■ Industry Context The breach adds to a growing list of security incidents targeting major travel and hospitality companies. Large repositories of personal information make these platforms attractive targets for cybercriminals seeking to steal customer data for identity theft, fraud, or resale on dark web marketplaces. Users of travel booking services typically store extensive personal information on these platforms, including contact details, travel preferences, and sometimes payment methods. ■ Recommended Actions Affected customers should watch for phishing emails claiming to be from Booking.com and verify any communications directly through the official website. Changing passwords is recommended as a precaution, particularly if the same credentials are used across multiple accounts.

■ SOURCES

TechCrunch

■ SUMMARY WRITTEN BY AI FROM THE LINKS ABOVE

■ MORE FROM THE SECURITY DESK

U.S. federal prosecutors have unsealed charges against three Russian nationals accused of operating a bulletproof hosting service that supported ransomware gangs responsible for over $62 million in damages worldwide.

4H AGOIndustry Desk

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) warned that attackers are actively exploiting three vulnerabilities in Internet-exposed on-premises SharePoint Server instances. Organizations running affected versions must patch immediately.

4H AGOSecurity Desk

Tailscale disclosed a critical vulnerability in its SSH implementation that allowed attackers to gain root access through insecure argument handling. The flaw has been patched in recent versions.

7H AGOAI Desk

A new study found that social media platforms referred over 5.7 million visits to nonconsensual deepfake pornography sites between December 2025 and March 2026, with YouTube and X accounting for the majority of traffic.

9H AGOIndustry Desk

■ SUBSCRIBE TO THE DAILY BRIEF

ONE EMAIL, 5 STORIES, 06:00 UTC. UNSUBSCRIBE ANYTIME.