The site has already sent a warning to some of its customers that their personal data has ended up in the hands of the attackers. However, the company emphasizes that, among other things, credit card details did not leak in connection with the data breach.
According to The Guardian reporting, the company has not revealed how large a share of its customers the breach affects - nor what specific customer data has fallen into unauthorized hands.
Although Booking.com is a subsidiary of the American company Booking Holdings, Booking.com's head office is located in Amsterdam. Because of the location of its headquarters, the company's obligation to report data breaches is very clearly defined under EU legislation. The company informed the Dutch authorities about the breach only 22 days after it occurred, and therefore it will have to pay a fine for the delayed notification.
According to the company statement, the PIN codes for upcoming hotel night reservations have been changed for all customers whose data was involved in the breach.
Written by: Petteri Pyyny @ 13 Apr 2026 12:34
