Booking.com confirms phishing attack, credit card data may be at risk

Booking.com confirmed that it had recently been the victim of a phishing attack. According to the company’s statement released on November 12, hackers were able to steal consumers’ credit card information.

 

Booking.com is still investigating the impact of the incident, but it is expected to send out data breach notification letters to all affected individuals once its investigation is complete.

 

The attack began when a hacker pretending to be a traveler emailed various hotels. When a hotel employee clicked on a malicious link in the email, the hotel’s computer became infected with a virus.

 

The virus allowed hackers to obtain hotels’ IDs and passwords for Booking.com. Hackers then used this information to send fake emails to travelers pretending to be hotel staff members. These emails explained that travelers needed to enter their credit card information into a fake Booking.com site, where the hackers could steal it.

 

Once the current investigation is complete, Booking.com will be required under federal law to send data breach letters to anyone affected. These letters should provide victims with a list of what information was compromised.