The hackers got home addresses, telephone numbers and travel routes for millions of families.
The French tourist market has faced a series of leaks that look especially alarming because of the nature of the stolen data. We are talking not only about contacts of customers and details of bookings, but also about information about children, which are often indicated when registering a family holiday.
Three major structures were reported about the hacks at once: Pierre & Vacances-Center Parcs, Belambra and Gîtes de France. According to French Breaches, in the case of Pierre & Vacances-Center Parcs, the attacker could get information about more than 4.5 million customers of the subsidiary platform La France du Nord au Sud, associated with the Maeva brand. The leak could affect the data from 2005 to 2026.
In the materials caught to the hacker could be the names of customers, booking numbers, dates of stay, phones, dates of birth and data about other guests specified in the orders. At the same time, Pierre & Vacances states that the bank data and email addresses have not been compromised.
Belambra also confirmed unauthorized access to part of the digital infrastructure. French Breaches claims that the attacker received about a six-month array of internal data. Among the information affected could be more than 41 thousand detailed reservations, more than 42 thousand customer files and about 360 thousand records related to minors and children included in orders.
The company said the incident affected some of the data from the booking files, but did not lead to the compromise of payment information, identity documents, and passwords. Belambra announced the measures taken, internal verification and filing the complaint, but the exact number of affected customers has not yet been named.
Later, the theft of the data was reported by Gîtes de France. According to French Breaches, the incident could affect more than 389 thousand customers, and the stolen information covers the period from 1995 to 2026. The array could have names, postal addresses, emails, telephones and booking details.
Gîtes de France links the incident with ITaa’s ITa services provider, which is used by some regional booking centers. Among the possible affected areas were Guadeloupe, Upper Garonna and Cantal.
A series of attacks shows that the tourism sector has become a convenient target for cybercriminals. Such platforms store large amounts of personal data, including family information, travel routes and contacts. Even without payment data, such databases are valuable for fraud, phishing and resale on shadow platforms.
The French tourist market has faced a series of leaks that look especially alarming because of the nature of the stolen data. We are talking not only about contacts of customers and details of bookings, but also about information about children, which are often indicated when registering a family holiday.
Three major structures were reported about the hacks at once: Pierre & Vacances-Center Parcs, Belambra and Gîtes de France. According to French Breaches, in the case of Pierre & Vacances-Center Parcs, the attacker could get information about more than 4.5 million customers of the subsidiary platform La France du Nord au Sud, associated with the Maeva brand. The leak could affect the data from 2005 to 2026.
In the materials caught to the hacker could be the names of customers, booking numbers, dates of stay, phones, dates of birth and data about other guests specified in the orders. At the same time, Pierre & Vacances states that the bank data and email addresses have not been compromised.
Belambra also confirmed unauthorized access to part of the digital infrastructure. French Breaches claims that the attacker received about a six-month array of internal data. Among the information affected could be more than 41 thousand detailed reservations, more than 42 thousand customer files and about 360 thousand records related to minors and children included in orders.
The company said the incident affected some of the data from the booking files, but did not lead to the compromise of payment information, identity documents, and passwords. Belambra announced the measures taken, internal verification and filing the complaint, but the exact number of affected customers has not yet been named.
Later, the theft of the data was reported by Gîtes de France. According to French Breaches, the incident could affect more than 389 thousand customers, and the stolen information covers the period from 1995 to 2026. The array could have names, postal addresses, emails, telephones and booking details.
Gîtes de France links the incident with ITaa’s ITa services provider, which is used by some regional booking centers. Among the possible affected areas were Guadeloupe, Upper Garonna and Cantal.
A series of attacks shows that the tourism sector has become a convenient target for cybercriminals. Such platforms store large amounts of personal data, including family information, travel routes and contacts. Even without payment data, such databases are valuable for fraud, phishing and resale on shadow platforms.
