Both Basic-Fit and Booking.com have today issued warnings regarding a security incident in which customer data may have fallen into the wrong hands. At Basic-Fit, approximately 1 million members are believed to have been affected. Booking.com reports that unauthorised parties may have accessed certain booking details of users.
What happened?
At Basic-Fit, the breach involves personal data of members in several countries, including Belgium. According to the company, the following data may have been compromised:
- name
- address
- email address
- telephone number
- date of birth
- bank details
Basic-Fit states that no passwords or identity documents were stolen. Belgian customers whose data is at risk have been contacted by Basic-Fit.
In the case of Booking.com, the following data may be affected:
- name
- email address
- address
- telephone number
- booking details
- information shared with an accommodation provider
We have no information on how Booking.com will notify customers.
What are the risks?
If you are a customer or have recently used Basic-Fit or Booking.com, we advise you to watch out for personalised phishing messages. Cybercriminals use leaked data to send credible phishing messages via email, text message, WhatsApp or telephone.
Scammers may try to deceive you using leaked personal data. For example, they may:
- send a message that appears to be genuine from Basic-Fit, Booking.com or a hotel
- ask you to click on a link
- ask you to ‘confirm’ or ‘update’ payment details
- attempt to collect additional personal information
Please be aware!
1. Be extra vigilant about suspicious messages
Have you received an unexpected email, text message or WhatsApp message regarding your membership, booking or payment? Do not click on links straight away and do not open attachments without first checking carefully who the message is from.
2. Check your accounts via the official app or website
Do not log in via a link in a message; always go to the official Basic-Fit or Booking.com website or app yourself.
3. Change your password if necessary
Do you use the same password on multiple websites? If so, change it immediately wherever you’ve used it. Always choose a strong and unique password.
4. Enable two-factor authentication
Where possible, you should enable two-factor authentication. This makes it much harder for cybercriminals to gain access to your account.
5. Be extra vigilant with payment requests
Booking.com emphasises that it will never ask you via email, telephone, text message or WhatsApp to share your credit card details or make an unusual bank transfer. If you do receive such a request, be on your guard.
