Sunweb Group discloses data breach, warns customers of phishing attempts

Published: 7 October 2025
Last updated: 7 October 2025
sunweb-group-phishing
Image by Cybernews.

Dutch travel agency Sunweb Group has confirmed that an unauthorized party managed to steal the personal information of an undisclosed number of clients. This data has been misused to trick customers into transferring money to their bank accounts.

Sunweb doesn’t say when the data breach occurred. What the travel agency does acknowledge is that customers have been receiving phishing emails since September 30th, 2025.

These emails originated from another company’s hacked email server outside the Netherlands. Customers were asked to confirm their details and to make a payment. If they didn’t comply, their booking would be cancelled, the fake message said.

ADVERTISEMENT

“Sunweb Group has, after a thorough investigation, confirmed that some of the data used in the phishing emails originated in one of its systems, which had been hacked. As a result, some customer data was taken by cybercriminals and was used for phishing emails,” the company stated in a press release.

The data that has been exfiltrated includes full names, email addresses, phone numbers, and booking information, such as travel dates and destinations. Sunweb stresses that no bank or credit card details, passwords, or passport and ID document information were compromised.

exfiltrated-data-list
Image by Cybernews.

As soon as the data breach came to light, the travel agency immediately launched an investigation and followed security protocols. The affected system was closed, and security has been beefed up. The breach has been reported to the Dutch data protection authority (DPA).

Affected customers have also been informed and are advised to remain vigilant.

“If anyone suspects they have responded to a phishing email, they should contact their bank immediately and report the incident to the appropriate authorities,” the company concludes.

Sunweb has also posted a warning for customers on its website.

jurgita justinasv Izabelė Pukėnaitė vilius Ernestas Naprys Gintaras Radauskas
Add us as your Preferred Source on Google
Follow us
ADVERTISEMENT

“We are aware of phishing emails that pretend to be booking confirmations from us. Please note: we never ask you to confirm bookings via links in emails. We only send emails from our domain @sunweb.nl, @sunweb.com, or @sunwebgroup.com.”

As of the time of writing, no ransomware operation has claimed responsibility for the data breach.

Unlock more exclusive Cybernews content on YouTube.

Share
Post
Share
Share
Share
More from Cybernews
Companies using Fable 5 beware: it’s collecting your data, and there are no exceptions
World’s leading mathematicians ridicule AI hype in high-IQ declaration
Democrats are far more worried than Republicans that AI will take jobs, new poll finds
Europe’s tech revolution feels like Soviet déjà vu
New York demands advertisers use “synthetic performer” label or else
The surprising way Elon Musk is powering your next holiday flight
ADVERTISEMENT