Skip to main content
Netherlands News in English

Main navigation

  • Top stories
  • Health
  • Crime
  • Politics
  • Business
  • Tech
  • Culture
  • Sports
  • Weird
  • 1-1-2
Image
Bastion Hotel Breda, 25 August 2025
Bastion Hotel Breda, 25 August 2025 - Credit: G.Lanting / Wikimedia Commons - License: CC-BY-SA
Crime
Business
Bastion Hotels
data breach
phishing
scam
Wednesday, 11 March 2026 - 17:00

Share this article:

Cyber criminals targeting guests of Dutch Bastion Hotels

Cybercriminals posing as customer service representatives are targeting guests of the Dutch hotel chain Bastion Hotels. Customers are receiving what appears to be phishing messages on WhatsApp containing a remarkable amount of their personal data, AD reports after speaking to two Bastion guests and seeing an email the hotel sent them.

In the email, Bastion warned guests not to respond to the messages and not to click on any links. The cybercriminals likely got their contact details through a data breach, either at Booking.com or at the hotel, but this has not been confirmed.

One Bastion Hotels guest told AD that he suddenly received WhatsApp messages from a company in Brazil on Tuesday. The company knew a suspicious amount about him - his name and phone number, as well as his travel information. They knew which hotel he stayed at and when.

The guest sent AD screenshots of the rather vague messages, seemingly trying to convince him to make a payment. “We understand you’re concerned about payments, so let’s clarify this,” one message reads. “During verification, the booking amount will be temporarily blocked for just 1 minute. You must confirm this via a push notification in your banking app.” The man did not trust the messages and blocked the sender.

Another Bastion guest told AD that they got scammed. “I’ve asked Bastion Hotels for clarification, both by phone and email, but I’ve received the same blunt answer: they’re working on it. I asked if they’ve reported the leak: no answer.”

Bastion Hotels told AD that it did not have time to answer the newspaper’s questions right now. “We understand your concern, but as you’ll understand, we have other priorities right now,” a spokesperson told AD in writing. “We’ll get back to you as soon as we have more information.”

Under European privacy legislation, businesses must report data breaches to the Dutch Data Protection Authority (AP). AP could not tell the newspaper whether it received a report, citing privacy regulations.

More like this

Image
Odido's headquarters building in The Hague. Undated
​​New scams emerging as leaked Odido data pops up on social media
Image
Odido's headquarters building in The Hague. Undated
Fake site targeting victims of Odido data leak with compensation scam
Image
Handcuffs
Two men arrested for extorting hundreds through sex website Kinky.nl
Image
Parking meter
Scammers using QR code stickers on parking meters to get at people's bank accounts
Make NL Times your top Google source

Follow us:

Latest stories

  • Video: Dutch, Spanish police intercept 947 kg of MDMA; Largest seizure in Europe
  • Criminal investigation launched against SABIC over PFAS dumping in Dutch surface water
  • Nearly 40 Dutch websites being used to spread disinformation about transgender people
  • Older adults living at home face rising heat-related health risks as oversight declines
  • Netherlands won’t increase inheritance tax, Finance Min. says despite mounting estates

Top stories

  • Netherlands won’t increase inheritance tax, Finance Min. says despite mounting estates
  • Free public transport for kids under 11 throughout the Netherlands from next year
  • Dutch intelligence services did not see Russian invasion of Ukraine coming
  • Netherlands tried to settle Nexperia, ASML disputes on trade visit to China
  • Netherlands to end zero-hour work contracts, limit flexible employment with Senate vote

© 2012-2026, NL Times, All rights reserved.

Footer menu

  • Change Privacy Settings
  • Privacy Policy
  • Contact
  • Partner Content