The cyberattack on Booking in 2026 served as a wake-up call for everyone accustomed to trusting online booking services. As a result of the breach, attackers gained access to clients’ personal data, creating a real risk of fraud and attempted theft. For many Spaniards who regularly use Booking, the incident was a reminder that even major international platforms are not immune to data leaks.
According to RUSSPAIN, compromised information included names, email addresses, phone numbers, and residential addresses associated with bookings. The company assured that financial data was not affected, but the very fact of access to personal information is concerning. This is especially true given that fraudsters may use this data to send phishing emails and make calls, posing as Booking representatives or hotels.
Impact on customers
Affected users have already begun receiving notifications from Booking warning about potential scams. The company promptly changed booking PIN codes to limit further unauthorized access. However, this is not enough: experts recommend carefully checking any messages related to payments or booking confirmations, and not disclosing bank card details by email or phone.
In recent years, such incidents have become more frequent. As Talent24h notes, similar attacks have previously targeted energy companies, where perpetrators gained access not only to contacts but also to customer contracts. In the case of Booking, even though bank details were not leaked, the risk of fraud remains high due to the large volume of personal data involved.
Security recommendations
Booking strongly advises ignoring any emails, calls, or messages in messengers asking for card details or requesting a transfer. All payments must be made only through the official website or app, and any deviation from the standard procedure should raise concern. Users are advised to carefully read the payment terms and not respond to requests that do not match the service’s policies.
Pay close attention to details: scammers often use real booking information to create the appearance of legitimacy. Even if the message contains the exact check-in date or hotel name, this does not guarantee its authenticity. If you have doubts, it is best to contact Booking support directly through the official website.
Market response and experience of other companies
The Booking incident sparked a wave of discussion among cybersecurity experts and representatives of the hospitality industry. Many hotels have strengthened their own security measures to prevent similar incidents from happening again. Analysis by russpain.com indicates that, following high-profile data breaches in other sectors—such as energy—companies are increasingly investing in monitoring systems and staff training.
At the same time, clients have become more demanding regarding transparency and the speed of notification about such incidents. User expectations have risen: now they want not only to be informed about the data breach itself, but also to receive clear instructions on what to do next. In this context, Booking had to act quickly to minimize reputational damage and restore trust.
Data protection issues in the tourism industry are becoming increasingly relevant. As the number of cyberattacks rises, hotel owners and booking services are being forced to rethink how they store and handle information. The experience of an aristocratic family managing a hotel chain in Spain shows that long-term success in the market is impossible without investing in security and customer trust—learn more about this in our feature on the impact of family-owned companies on the hospitality business on russpain.com.
Booking.com is one of the world’s largest online booking services, serving millions of customers and thousands of hotels. In recent years, the platform has repeatedly faced hacking and fraud attempts, prompting the company to invest in new data protection technologies. Despite these efforts, data breaches continue to occur, highlighting the vulnerability of even the market’s biggest players. In Spain, Booking is particularly popular among tourists and business travelers, making any security incidents especially visible and widely discussed.
