Booking.com is reported to have confirmed a phishing attack, which had been rumoured since last month.
The platform said that its investigation into the incident was ongoing.
Reports had suggested that customers were receiving emails, purporting to be from the website, asking them to confirm their hotel payment, on threat of their booking being cancelled.
In 2021 the group was fined €475,000 ($560,000) fine after failing to report a data breach within the time period mandated by the General Data Protection Regulation.
The fine dated back to a breach in 2018.
Comments