Large-Scale Data Breach Hits Hundreds of Dutch Hotels, Exposing Guest Reservations A major data breach has compromised the reservation systems of at least 100 Dutch hotels, exposing sensitive guest information and enabling targeted phishing attacks. Hospitality group Hospecs confirmed the incident, revealing that hackers accessed booking details including contact information, arrival dates, and departure dates for thousands of guests. The breach was first reported after Hospecs Managing Director Tim Vissers posted an alert on LinkedIn, prompting a surge of responses from affected hotels. Reports have since expanded beyond the Netherlands, with cases emerging in Belgium and Ireland. The attackers are exploiting the stolen data to send convincing fake payment requests to guests, often referencing real booking details to appear legitimate. Some victims reported that their hotels initially denied the breach, despite evidence of fraudulent messages. The exact cause of the breach remains under investigation, but Hospecs suspects a vulnerability in a shared software provider rather than direct attacks on individual hotels. The precision of the scams using verified reservation data makes them particularly dangerous, as victims may unknowingly comply with fraudulent demands. This incident follows a troubling pattern in the travel industry. Similar attacks have targeted major chains like Van der Valk (September 2025), travel agency Sunweb, and Booking.com (January 2026), where hackers hijacked hotel accounts to send fake payment requests. Dutch regulations require organizations to report data breaches within 72 hours, but it remains unclear whether Hospecs or the affected hotels have complied. Investigations into the source of the breach are ongoing.