Back to overview
Confidence MediumApr 25, 2026booking.com

Booking.com Confirms Data Breach, Warns of Reservation Hijacking and Targeted Attacks

PatternExternal actor · Social · Confidentiality impact

Booking.com confirmed a data breach where unauthorized third parties gained access to certain customer reservation data. Experts warned on April 25, 2026, that the leaked information could be used for booking fraud and targeted phishing attacks, known as 'Reservation Hijacking.' Initial notifications to customers began around April 13, 2026, stating that booking information, including personal details, might have been exposed. The platform did not disclose the exact number of affected customers or regions.

Signal date
Apr 25, 2026
Updated
Jun 29, 2026
Confidence
Medium
Sources
9 sources
booking.com logo

Booking

Sector
Information
Signals
1 linked

Signal context

First seen: Apr 25, 2026

Last updated: Jun 29, 2026

Status: Public signal

Key points

  • Confirmation/Warning date: April 25, 2026.
  • Initial notifications: April 13, 2026.
  • Affected data: Reservation data, including names, emails, phone numbers, and potentially other personal details. Financial information was reportedly not compromised.

Signal analysis

Beta

This analysis groups the signal by industry, likely incident action and impacted security area. It helps compare this signal with other published signals without treating the labels as final determinations.

Affected organization
Booking logo
Booking

Sector: Information

Likely country: Location not provided

Estimated
Threat source
Social activity

Watch phishing, executive impersonation and account-takeover exposure.

  • Source type: outside the affected organization
Business impact
Potential fraud or account takeover risk

Impact area: Confidentiality

Likely asset: User or customer data

Trend context
5 signals with similar action pattern
  • 23 signals in the same sector
  • 88 signals with the same likely impact area
  • 1 signal linked to this organization/domain
Mentioned entities
BookingData DisclosureWarns of Reservation Hijacking andTargeted Attacks Booking.comExpertsReservation HijackingInitialConfirmationWarningAffected

External sources

Related signals

Grouped by why the signal is relevant.

dinum.fr logoDinumJun 12, 2026
Same sectorSame action patternSame impact area

French government messaging platform Tchap breached via compromised user account

DINUM, the French government's digital affairs directorate, warned that hackers breached Tchap, France's encrypted messaging platform for public sector workers, using a compromised user account. The incident was detected by ANSSI, after which the affected account was blocked and an investigation launched into what conversations and data may have been accessed. DINUM has notified France's data protection authority, CNIL, due to the potential exposure of personal data. A threat actor claimed responsibility, alleging they used social engineering to access an education-related account and scrape messages, account information, and files, including 13.5GB of data from the French tax authority and other civil servants.

tchap.gouv.fr logoTchapJun 12, 2026
Same sectorSame action patternSame impact area

French Government Messaging Service Tchap Breached via Hijacked Account

Tchap, the French government's encrypted messaging platform, suffered a data breach after a user account was compromised through social engineering. Attackers reportedly scraped 13.5GB of data, including 560,000 messages and information on over 73,000 accounts, such as email addresses, organization details, meeting links, and account and device metadata, from the French tax authority and other civil servants. DINUM, the digital affairs directorate of the French government, issued a warning about the incident. The breach was disclosed on June 12, 2026.

microsoft.com logoMicrosoftJun 25, 2026
Same sectorSame action pattern

Malicious 'Edgecution' Extension Exploits Microsoft Edge Native Messaging for Ransomware Deployment

Security researchers reported on June 25, 2026, the discovery of a new malware campaign dubbed 'Edgecution,' which utilizes a malicious Microsoft Edge extension to deploy ransomware and a Python-based backdoor. The extension abuses the Native Messaging API to escape the browser sandbox and establish a persistent system-level executor. Attackers are reportedly using Microsoft Teams for social engineering, directing victims to fake 'Outlook Updates Management Console' websites to trick them into installing the malicious extension. This campaign is believed to be operated by an Initial Access Broker (IAB) linked to the 'Payout Kings' ransomware operation.

xsolis.com logoXsolisJul 2, 2026
Same action patternSame impact area

Xsolis Data Breach Exposes 1.4 Million Patient Records Across Eight Health Systems

A targeted phishing attack on healthcare AI company Xsolis exposed the data of at least 1.4 million patients across eight U.S. health systems, including Mayo Clinic. The breach, which occurred on January 20, 2026, was reported to HHS on June 5, and widely reported on July 2, 2026. Exposed data included Social Security numbers, health insurance details, and medical treatment records.

aivd.nl logoAivdJul 1, 2026
Same sectorSame impact area

CTIVD: AIVD en MIVD verwerken persoonsgegevens in bulkdata onrechtmatig

The Dutch intelligence services, AIVD and MIVD, have unlawfully processed personal data in bulk datasets, according to a ruling by the Committee for the Supervision of the Intelligence and Security Services (CTIVD). The report, published on July 1, 2026, states that groups of employees had unauthorized access to personal data, and large quantities of data were stored for too long. The bulk datasets, sometimes containing millions of records, include names, phone numbers, location data, social media data, and communication content, sourced from government agencies, commercially available datasets, or stolen datasets offered by criminals. The CTIVD has issued thirteen recommendations to improve the situation.

stnet.co.jp logoStnetJun 28, 2026
Same sectorSame impact area

STNet, Inc. Affected by KDDI Corporation Data Breach

STNet, Inc., a Japanese internet service provider, was impacted by a data breach originating from an email system provided by KDDI Corporation. Threat actors gained unauthorized access to this shared system by exploiting a vulnerability in third-party software. This led to the potential exposure of up to 14.2 million email addresses and passwords across all affected ISPs. STNet customers' email addresses and passwords may have been compromised.