Booking.com breach: what UK travellers must do now
NEWS · Booking.com suffered a data breach. Here's what happened, who's affected, and the steps you should take to protect your account and personal information.
Booking.com has confirmed a data breach affecting customer accounts, prompting urgent action for UK travellers who use the platform.
What happened
Booking.com disclosed that unauthorised access to some user accounts occurred, allowing attackers to view customer information including names, email addresses, phone numbers, and encrypted payment details. The company detected the breach and took steps to secure affected accounts. According to Booking.com's official statement, the breach was discovered and remediated, though the exact number of affected users and breach timeline remain under investigation.
What it means for you
If you hold a Booking.com account—whether active or dormant—your personal data may have been exposed. The good news: payment card details were encrypted, limiting direct financial risk. However, your email address and phone number are now in criminal hands, making you vulnerable to phishing attempts and identity fraud. Attackers may impersonate Booking.com or use your contact details for targeted scams. UK travellers should expect suspicious emails or calls requesting login credentials or payment information.
What to do now
First, change your Booking.com password immediately—use a strong, unique combination you've not used elsewhere. Enable two-factor authentication on your account if available. Second, monitor your email and phone for suspicious contact; be wary of messages claiming to verify your account or offering refunds. Third, check your bank and credit card statements for unauthorised transactions; report any fraud to your card issuer immediately. If you've reused your Booking.com password on other travel or financial sites, update those too. Finally, consider placing a fraud alert with Experian, Equifax, or CallCredit—the UK's three main credit reference agencies—to flag your account for suspicious activity. Watch for phishing emails impersonating Booking.com; the company will never ask for passwords via email.
#ad — we earn a small commission at no cost to you when you book through our links.
