Personal customer information, such as names, addresses, phone numbers, costs, reference numbers and booking dates were included in the emails, leading customers to believe that they were legitimate.
A spokesperson for Booking.com said that there had been no compromise on their systems, however.
“Security and the protection of our partner and customer data is a top priority at Booking.com. Not only do we handle all personal data in line with the highest technical standards, but we are continuously innovating our processes and systems to ensure robust security on our platform.
“In this case, there has been no compromise on Booking.com systems. A small number of properties have been targeted by phishing emails sent by cyber criminals and by clicking on those emails, the properties compromised their accounts. All potentially impacted guests have been notified and because we value our customers at Booking.com, we are supporting impacted guests to compensate for any losses incurred, and reclaim these from the property.
Get the full story at The Independent