From the 30th of September, some Sunweb customers due to travel on their holidays over the next few months received phishing emails asking for them to confirm their details and make a payment, otherwise their holiday would be cancelled. These emails were from another companies hacked email server outside the Netherlands and not Sunweb.
Sunweb Group has, after a thorough investigation, confirmed that some of the data used in the phishing emails originated in one of its systems, which had been hacked. As a result, some customer data was taken by cyber criminals and was used for phishing emails. The incident has now been fully contained, and the affected system has been further secured.
Impact on customers
The breach affected customer contact details, including name, email address, and phone number, as well as booking information, such as travel dates and destinations. While this data is considered sensitive, we want to emphasize that no bank or credit card details, passwords, or passport/ID document information was accessed or taken.
Actions taken
Sunweb Group takes the protection of customer data extremely seriously and sincerely apologizes to those who may have been impacted. In response to the incident:
- The breach was immediately investigated, and security protocols were followed
- All customers with active bookings were informed, and a follow-up communication is being prepared for impacted customers.
- The affected system was closed, and additional security measures have been implemented
- The breach has been reported to the Dutch Supervisory Authority (Autoriteit Persoonsgegevens) in accordance with privacy regulations
Customers are advised to remain vigilant. If anyone suspects they have been responded to a phishing email, they should contact their bank immediately and report the incident to the appropriate authorities.
For any questions or concerns, customers can contact our Customer Service team.
