14th April 2026 Cyber Update: Booking.com Data Breach Exposes Supply Chain Vulnerabilities as Customers Face Targeted Phishing

Booking.com confirms hackers accessed customer names, emails, addresses, and booking details via third-party compromise. Stolen data is already fuelling targeted WhatsApp phishing attacks, exposing deep supply chain vulnerabilities in global travel platforms.


The Update

Booking.com’s confirmation on 13 April 2026 that unauthorised parties accessed customer booking data marks another serious lapse in safeguarding traveller privacy. The exposed information – names, email addresses, phone numbers, physical addresses, reservation specifics and platform–hotel message histories – excludes financial details, per the company’s statement, but has already fuelled a wave of highly targeted secondary attacks.

Affected Australians report receiving WhatsApp messages bearing accurate booking particulars days before official notification, with one Bali traveller losing $100 to a fraudster impersonating Booking.com support.

This is not an isolated failing but a symptom of a systemic vulnerability: security firms Bridewell and Sekoia have long documented how attackers compromise hotel partner credentials via infostealer malware, then mine reservation databases to craft convincing phishing lures. The Dutch Data Protection Authority’s €475,000 fine against Booking.com in 2021 for an almost identical supply-chain breach underscores the pattern.

Why It Matters

The scale of exposure is significant: Booking.com operates across 28 million global listings and processes hundreds of millions of bookings yearly, so the potential harm is immense. Yet critical questions remain unanswered: how many customers were affected, for how long was the data accessible, and through what precise vector? This opacity complicates individual risk assessment and raises concerns about compliance with GDPR and Australia’s Privacy Act, which mandate timely, transparent disclosure of breaches involving personal information.

What Affected Users Should Do

Treat every unexpected Booking.com message as suspect until proven otherwise. Go directly to the official app or website and avoid clicking on links in emails, texts or WhatsApp messages, no matter how authentic they look.

Check your current reservations line by line. Look for any change to guest names, email addresses or phone numbers, which can signal that someone is already inside your account. Turn on two-factor authentication immediately to make it materially harder for attackers to reuse stolen credentials.

Ensure reputable antivirus software is installed and up to date on any device you use for travel bookings, given infostealer malware is a key tool in this campaign. Be wary of unsolicited calls or messages from anyone claiming to represent Booking.com and refuse to share card details, one-time passwords or security codes. Keep a close eye on bank and card statements for unfamiliar transactions, even though there is no firm evidence yet that card numbers were the primary target.

Where possible, route bookings through a dedicated email alias so that a compromise does not expose your main inbox. Do not rely solely on Booking.com’s automatic PIN reset. Log in and update reservation PINs and account security settings yourself to close off easy opportunities for follow-on fraud.

