Booking.com data breach and phishing scams affecting Australian customers
Consensus Summary
Booking.com has alerted customers that a data breach may have exposed personal information, including names, emails, phone numbers, and booking details, accessed by unauthorized parties. Both sources confirm the company advised users not to share credit card details via insecure channels and issued new reservation PINs to enhance security. The breach follows a rise in phishing scams, with over 65,600 Australians losing $31 million to such schemes in 2025. ABC highlights a specific case where a Port Macquarie man, Steve Atkin, was targeted in a scam call impersonating Booking.com, resulting in a $100 unauthorized transfer. While the exact number of affected customers and whether financial data was compromised remains unclear, Booking.com has emphasized its commitment to improving security measures. The incident adds to broader concerns about cybersecurity in the travel industry, particularly amid increased scams and operational complaints against the company.
✓ Verified by 2+ sources
Key details reported by multiple sources:
- Booking.com issued a warning to customers about a data breach where names, email addresses, phone numbers, and booking details may have been accessed by unauthorized third parties.
- Customers were advised not to share credit card details via email, phone, text, or WhatsApp due to the breach.
- Booking.com sent emails to affected customers with new reservation PIN numbers to enhance security.
- The breach involved personal information shared with accommodation providers, not just Booking.com’s own data.
- Booking.com operates over 28 million accommodation listings globally.
- ScamWatch reported over 65,600 Australians lost $31 million to phishing scams in 2025.
- Booking.com warned customers about phishing attempts impersonating the company or accommodation providers.
- The breach is part of a broader rise in cyberattacks and scams targeting Booking.com customers, including a 900% surge in phishing attacks in 2024 (per Techzine, cited by NEWSCOMAU).
Points of Difference
Details reported by only one source:
- Techzine reported Booking.com has been hit by multiple cyberattacks, including a phishing scam stealing login credentials from hotel workers in the UAE.
- The breach email was sent overnight to Australian customers, including new reservation and PIN numbers.
- It is not known if credit card or bank information was compromised in the breach.
- Steve Atkin from Port Macquarie was targeted by a scam call impersonating Booking.com, leading to a $100 unauthorized deduction from his account after requesting a refund for a Bali booking in December 2025.
- Booking.com is the most used online travel website in Australia, accounting for over 30% of online travel agent bookings (per IbisWorld).
- There were 842 complaints made about Booking.com to state and territory consumer bodies over the past two years, though the real number is higher due to non-disclosure in some states.
- The incident coincides with increased scrutiny of Booking.com following complaints about lost money and damaged properties, amid uncertainty in the tourism sector due to the Iran war.
Contradictions
Conflicting information between sources:
- NEWSCOMAU mentions a phishing scam surge of 900% in 2024, but ABC does not provide a specific percentage for comparison.
- NEWSCOMAU states the breach email was sent 'overnight,' while ABC does not specify a timeframe for the email distribution.
Source Articles
Major travel company suffers huge data breach
One of the world’s largest travel giants has issued a warning to Aussies after it suffered a massive data breach, leading to customers’ personal information being compromised.
Booking.com customers involved in possible data and security breach
Some Booking.com customers are being warned their personal information may have been accessed by unauthorised third parties, prompting fresh concerns about the security of travellers' data.