Gîtes de France among three booking websites to be hit by cyberattack
Data relating to more than two million bookings accessed over the weekend
Information about bookings from 1995 - 2026 were taken
Pack-Shot/Shutterstock
France’s tourism industry has been hit by a string of cyberattacks over the weekend, with ‘Gîtes de France’ the latest to announce it has been the victim of an operation.
The breach gave a hacker access to the information of potentially 389,000 clients who have used the website to book a stay at a gîte across Europe.
“A security incident resulted in unauthorised access to certain data related to customer booking records,” said the website in a press release given to Agence France Presse.
Information that hackers gained access to includes customers' names, dates and number of nights they stayed at a location, email addresses, phone numbers, and postal addresses. However, no banking information was collected, say Gîtes de France.
It includes people who booked with the company between 1995 - 2026, but “only a few French departments are concerned,” said the group. This reportedly includes Guadeloupe, Cantal, and Haute-Garonne.
Clients impacted by the breach will be informed in an email sent out today (May 18).
It is the latest in a series of major cyberattacks this year, including some targeting government websites.
Three booking websites attacked over weekend
It is the third booking website to be affected by a security breach in recent days, following the Pierre & Vacances-Center Parcs group on Friday and Belambra – operator of 44 holiday clubs in France – on Saturday.
Belambra confirmed that information obtained in the cyberattack included 41,000 detailed booking reports, 42,000 customer bookings, and 360,000 data points from bookings relating to children.
Pierre & Vacances-Center Parcs group said the breach on its end saw information about 1.6 million bookings taken.
All three groups will file complaints with France’s public prosecutor and the CNIL (Commission nationale de l'informatique et des libertés) over the incidents.
The same hacker is thought to be responsible for all of the attacks.
The head of ‘French Breaches’, a website which reports on cyberattacks in France, claims it has spoken to the hacker.
“He told me he acted to gain visibility and show how vulnerable France is when it comes to cybersecurity,” said France Breaches creator to Agence France Presse.
The breaches mean there is a risk that such information may end up on the dark web, where it can be used by other fraudsters as part of their scams.
Anyone who is contacted by any of the booking groups should be on increased alert for phishing attempts, conducted either via phone or email.
Hackers may use the information from the data breach to increase their authority during an attempted scam, or to pressurise the victim into handing over information.
More information on protecting yourself from phishing attempts is available in our article here.
