Following reports that Booking.com suffered a data breach exposing customer booking details, a cybersecurity expert warns this type of incident could significantly increase highly convincing travel scams.
According to NordVPN’s Adrianus Warmenhoven, even limited data exposure can have serious real-world consequences for travellers:
“This type of breach is particularly dangerous not because of financial data, but because of context. When attackers gain access to booking details, such as names, travel dates and accommodation information, they can craft highly convincing, personalised scams that are much harder to detect.”
“Imagine receiving a message that references your exact stay, dates and property – it immediately feels legitimate. This is exactly what cybercriminals rely on. We expect to see a spike in phishing emails, fake payment requests, and ‘verification’ messages targeting affected users.
“Travel-related data is especially sensitive because it introduces a time element,” Warmenhoven adds. “Scammers know exactly when you’re due to travel, which makes their messages feel urgent and legitimate – whether it’s a ‘problem with your booking’ or a ‘last-minute payment request’.
“If you’ve recently booked travel, be extremely wary of any unexpected communication asking for payments, verification, or personal details – even if it appears to come from a trusted source. Always verify directly through official platforms, not links or phone numbers provided in messages.”
Warmenhoven offers key tips for travellers:
- Avoid clicking on links in unexpected emails or messages about bookings;
- Never share payment details via email, SMS, or messaging apps;
- Verify requests by logging into official platforms directly; and
- Watch for urgency tactics or last-minute “issues” with reservations.