The tourism industry is investing heavily in customer experience, distribution, and now artificial intelligence. Yet, another issue has suddenly risen to the top of executives' priorities: cybersecurity. In just a few days, several major players in the French tourism sector have faced data breaches. At the same time, an international report reveals that 92% of travel agencies surveyed experienced a cyberattack, attempted intrusion, or security incident in the past twelve months. For tourism professionals, the message is becoming increasingly difficult to ignore.
According to the specialized press, cybersecurity is no longer a subject reserved for IT departments. It is becoming a strategic issue that directly affects traveler trust, brand reputation, and business continuity.
The figure that should alert the entire tourism sector
Published on May 20, 2026 by SecureTrust, the cybersecurity subsidiary of the VikingCloud group, the report "The Hottest Destination for Cyber Risk" paints a worrying picture of the situation of independent travel agencies in the United States and the United Kingdom.
The study reveals that 92% of the agencies surveyed faced a cyber threat or security incident in the past twelve months.
Even more worrying, 66% report that some of their customers' sensitive data has been compromised. This includes email addresses, phone numbers, personal data, passport information, travel itineraries, and certain payment details.
For 68% of the managers surveyed, cyberattacks, data breaches and ransomware are now the top concern for 2026, ahead of inflation and the risk of economic slowdown.

Maeva, Belambra and Gîtes de France: the French alarm bell
This study resonates particularly strongly in France. At the end of May, several major players in the tourist accommodation sector admitted to having been victims of data breaches within a few days of each other.
According to TourMaG, Maeva, Belambra and Gîtes de France were affected by separate incidents that led to the exposure of customer data.
Beyond the specific circumstances of each case, these events illustrate the same trend: the digitization of tourism is progressing faster than investments in cybersecurity.
For professionals in the sector, these incidents serve as a reminder that no brand is too well-known, too established, or too experienced to be spared.
Why travel agencies have become prime targets
Cybercriminals are increasingly interested in tourism for one simple reason: few sectors concentrate so much sensitive information in a single digital environment.
A booking may contain personal details, family information, passport copies, payment data, postal addresses and specific details about a traveler's upcoming trips.
The SecureTrust report also identifies several recurring vulnerabilities. Payment gateways, booking systems, cloud platforms, and identity verification services are among the weaknesses most frequently cited by the professionals surveyed.
Another key finding: 24% of agencies admit to bypassing certain multi-factor authentication steps during peak periods to save time. This practice automatically increases the level of risk.
The most dangerous data is sometimes the data that should never have been kept in the first place
One of the most striking lessons from recent French cases concerns the length of time data is kept.
According to reports in the specialized press, some of the compromised data dated back several decades. This highlights an often underestimated problem: the continuous accumulation of information that has become operationally useless but remains exploitable by cybercriminals.
Deleted data cannot be stolen. Conversely, archives kept for twenty or thirty years can become a major source of risk in the event of an intrusion.
For many experts, reducing the volume of stored data is now one of the most effective ways to limit exposure to cyberattacks.
How to concretely strengthen your cybersecurity
Faced with this evolution of threats, several actions appear to be priorities for travel agencies, accommodation providers and tourism companies.
The first step is to identify precisely which data is retained and to delete whatever no longer has operational or regulatory value.
The widespread adoption of multi-factor authentication, raising employee awareness of phishing, regular auditing of service providers and the implementation of an incident response plan are also among the recurring recommendations of specialists.
SecureTrust also believes that PCI DSS compliance often represents an accessible first step for organizations handling payments and sensitive data.
Cybersecurity is becoming a matter of customer trust
For a long time, travelers chose an agency, a hotel or a platform primarily based on price, location or quality of service.
This logic is gradually evolving. Recent incidents show that the protection of personal data is also becoming an element of trust.
For tourism companies, cybersecurity is therefore no longer just a technical or regulatory issue. It is becoming a factor of commercial differentiation and a key element of customer relations.
Players able to demonstrate a structured approach to data protection, auditing of their service providers and incident management could benefit from a growing competitive advantage in the coming years.
Tourism is entering a new era
The SecureTrust report and recent incidents affecting several French companies ultimately tell the same story. Cyber risk is no longer theoretical; it is now a daily reality.
According to the trade press, tourism businesses are facing an ever-expanding attack surface as digital tools proliferate. Online bookings, cloud platforms, payment systems, CRM, loyalty programs, and third-party services all create potential entry points.
The question is no longer whether an attack attempt will occur. It is now about determining whether the company is prepared to protect its data, react quickly, and maintain customer trust when an incident happens.
Sources
https://www.deplacementspros.com/mobility-management/le-vrai-risque-pour-une-agence-en-2026-ce-nest-ni-la-recession-ni-lia
https://www.tourmag.com/Trois-piratages-en-trois-jours-pourquoi-le-tourisme-va-devoir-prouver-sa-securite-ABO_a131995.html
https://www.vikingcloud.com





