A cyberattack on Gîtes de France led to personal booking data being leaked from 1995 to 2026. Here’s what happened, what data was taken, and what it means for your safety.
Table of Contents
What Happened?
The attacker accessed data linked to about 389,000 customers who booked stays across Europe.
Two other travel companies were also attacked within the same weekend:
- Pierre & Vacances-Center Parcs
- Belambra holiday clubs
Reports suggest the same hacker carried out all three attacks.
The companies said they will report the incidents to French authorities and the national data protection regulator.
Who Is Affected and What Data Was Taken?
The breach affects people who made bookings between 1995 and 2026.
The data that was leaked includes:
- Names
- Email addresses
- Phone numbers
- Home addresses
- Booking details like stay dates and number of nights
Some regions involved include Guadeloupe, Cantal, and Haute-Garonne.
The company said no payment or banking data was taken. Still, this type of information can be very useful for scammers.
The combination of names, addresses, phone numbers, and travel history gives scammers exactly what they need to run targeted phishing, identity fraud, and social engineering attacks.
With real booking details, they can create messages that look personal and trustworthy, which makes this breach more serious than it may seem at first.
Even if you don’t remember booking with Gîtes de France, it’s still worth checking whether your data was leaked.
With Futureproof, you can quickly see if your email was leaked and get simple steps to secure your account before problems start.
How the Gîtes de France Cyberattack Happened
The company did not explain exactly how the attacker got access. However, one detail stands out.
The hacker reportedly said they wanted to show how vulnerable systems are.
This often points to weak protection inside older systems. Older systems can be easier to break into if they are not updated or closely monitored.
Once inside, attackers can quietly collect large amounts of data. They do not need passwords or credit cards.
Instead, criminals use personal information to make their messages feel real. For example, they can use your booking details to contact you about a “problem” with your stay.
Futureproof monitors your information for data leaks 24/7 and guides you with clear steps to keep it safer from scams.
Run a free checkWhat You Can Learn From This Case
This type of data leak creates risk after the attack.
Scammers can use real booking details to contact you in a convincing way.
They may:
- Pretend to be your travel provider
- Mention your actual trip details
- Ask you to confirm or update information
- Contact you about a “problem” with your stay
This is known as a travel booking phishing scam. The Federal Trade Commission warns that scammers often pretend to be trusted organizations to get people to share more information or send money.
Because the details are real, the message feels legitimate. That is what makes these scams dangerous.

Keep Your Information Safe in 5 Simple Steps
Travel booking phishing scams often start with a simple email, text, or phone call. These small steps can help you avoid giving scammers more information:
1. Double-check every travel-related message
If you receive an email or text about a booking problem, do not trust it immediately. Open the company’s official website yourself and check your reservation there.
2. Be suspicious of urgent requests
Scammers often say you must act “right now” to avoid cancellation fees or booking problems. Real companies usually give you time to verify information.
3. Never click booking links in unexpected messages
A fake email can look almost identical to a real travel company message. Type the website address directly into your browser instead of clicking links.
4. Do not share personal or payment details by phone or email
A legitimate hotel or booking company will not suddenly ask for sensitive information through an unexpected message or call.
5. Watch for follow-up scams after a data leak
After incidents like this, scammers may use leaked booking details to sound believable. Be extra careful with travel-related messages over the next few weeks.
You Can Be Targeted Even After a Normal Booking
The Gîtes de France cyberattack shows how one data leak can quickly turn into a wave of highly convincing travel booking phishing scams.
Even if no payment details were taken, personal booking information can still help scammers contact people with realistic emails, texts, or phone calls.
That is why it is important to stay careful after incidents like this.
Check travel-related messages closely, avoid clicking unexpected links, and contact companies directly through their official websites if something feels suspicious.
That way, you protect not only your personal information, but also your peace of mind.

At Futureproof, Kevin explains digital safety in simple words, with clear tips and zero fluff. He holds a degree in information technology and studies fraud trends to keep his tips up-to-date.
In his free time, Kevin plays with his cat, enjoys board-game nights, and hunts for New York’s best cinnamon rolls.
