rss feed

Personal data stolen from Booking.com customers

23 December 2014 by
Personal data stolen from Booking.com customers

Thousands of customers of online travel agent Booking.com have been conned following the theft of personal data, a whistleblower has revealed.

BBC Radio 4's Money Box

'Tom' spent 12 days working from his home computer, calling around 250 Booking.com customers per day from a supplied list. Many were visitors travelling to London from countries such as Japan, China, India, and South Africa.

"We were told to call up people and tell them that they'll receive an email… and if they have any questions they should get in touch with us," 'Tom' told Money Box.

"We had to say that we were calling from [the hotel into which the customer had booked] and we would send an email and it would appear that the hotel was sending them an email."

The subsequent e-mail would ask for advance payment for the hotel booking, with bank details that had no connection to the hotel. Customers who queried the payment demand were directed to a fraudulent phone line, where the criminals had installed staff who posed as Booking.com employees, insisting that the hotels had changed their payment policies.

Some of the customers sent a payment, but found the hotel had no record of it when they checked in. Although they have received refunds for the double payment, the episode represents a major security breach.

Booking.com has estimated that about 10,000 people were affected.

‘Tom' claims he was unaware that he was involved in criminal activity and agreed to speak to Money Box because he was angry at having become accidentally involved.

A Booking.com customer named as 'Claire' from West Yorkshire said she received a phone call asking for payment in advance for a London hotel in November.

She avoided being conned by phoning the hotel directly and establishing that they had not demanded advance payment. However, she wants Booking.com to announce publicly that customer details are now safe.

"I want to know how this scamming company is finding out the reservation numbers, the dates, the contact details - there's a lot of private information there," she said.

A spokesperson for Booking.com told Money Box the firm is working with police on how to prevent future phishing attacks. The company declined to be interviewed.

TagsHotels and Crime

Recommended Articles

Restaurant

Hotel Chocolat-owned London site Rabot 1745 opens al fresco terrace

Restaurant

Gary Rhodes to resurrect Rhodes W1 name in Dubai

Hotel

Legacy Hotels and Resorts operates four properties from Surya Hotels

Foodservice

Caterer and Hotelkeeper 100: Rufus Hall, Orchid Group

The Caterer Breakfast Briefing Email

Start the working day with The Caterer’s free breakfast briefing email

Sign Up and manage your preferences below

Details given will be used in accordance with our Privacy Policy
Check mark icon
Thank you

You have successfully signed up for the Caterer Breakfast Briefing Email and will hear from us soon!

Jacobs Media is honoured to be the recipient of the 2020 Queen's Award for Enterprise.

The highest official awards for UK businesses since being established by royal warrant in 1965. Read more.

© {{year}} All rights reserved. Jacobs Media Group Limited is a company registered in England and Wales, company number 08713328. 3rd Floor, 52 Grosvenor Gardens, London SW1W 0AU.

close

Ad Blocker detected

We have noticed you are using an adblocker and – although we support freedom of choice – we would like to ask you to enable ads on our site. They are an important revenue source which supports free access of our website's content, especially during the COVID-19 crisis.

trade tracker pixel tracking