Are travel companies doing enough to protect your booking data?
The message arrives by WhatsApp and feels completely real, because it is built from real information: your hotel, your dates, your confirmation number. Someone claiming to manage the property warns that your room is at risk unless you verify your card right away. Security researchers call this reservation hijacking, a targeted phishing scheme that leans on details only you and your hotel should know. The data has to come from somewhere, and the travel industry keeps springing leaks, with booking platforms, cruise lines, and airlines all disclosing breaches that mostly trace back to a third party rather than the company’s own front door. Which raises the question travelers can no longer avoid: when a company collects your whole itinerary and a leak in its network turns that data into a weapon aimed at you, who is responsible for what happens next?
