Dozens of hotels in the Netherlands, Belgium, and Ireland have been affected by a data breach in which customer data and reservation information were stolen.
“We are being flooded with new reports. In the Netherlands, at least one hundred hotels have been affected. But reports are also coming in from Belgium and Ireland,” Tim Vissers, Managing Director at Hospecs, tells Dutch news outlet NOS in a response.
In a message on LinkedIn, Vissers confirms that the attackers stole customer data and reservation information. This data has already been used to target unsuspecting travelers with phishing messages, prompting them to pay for their reservation or risk having their booking canceled.
According to Vissers, the vulnerability is most likely in the software that hotels use to book reservations.
“There are several layers between making a reservation and confirming it, including the processes for confirming a reservation and setting a price. It appears that the vulnerability lies in one of those systems,” the Managing Director explains.
Belgian news outlet Het Laatste Nieuws reported that hundreds of Flemish hotel guests have fallen victim to phishing using data from the data breach, causing thousands of euros in damages in some cases.
Hospecs is now collecting data to map out which hotels have been affected, which systems they use, and exactly what data was stolen. Hotels that have been compromised are being requested to fill out a form that was published online earlier this week.
The Dutch data protection authority (AP) has launched an investigation into the data breach.
Numerous travel and booking agencies have been targeted by hackers lately. In October 2025, Dutch travel agency Sunweb Group confirmed that an unauthorized party managed to steal the personal information of an undisclosed number of clients.
The exfiltrated data included full names, email addresses, phone numbers, and booking information, such as travel dates and destinations. No bank or credit card details, passwords, or passport and ID document information were compromised.
In April 2026, online travel agency Booking.com fell victim to a data breach. A lot of personal details were exposed, including names, email addresses, phone numbers, residential addresses, and other information customers may have shared with the accommodation.
In both cases, victims were targeted with phishing attempts to trick them into transferring money to scammers’ bank accounts.
Unlock more exclusive Cybernews content on YouTube.
Your email address will not be published. Required fields are markedmarked