NEWNow you can listen to Fox News articles!
Traveling on vacation can be stressful enough with crowded airports, expensive flights and last-minute itinerary changes. But there is a hidden part of the travel industry that most people don't know about: your personal data collected, packaged and sold every time you book a flight, book a hotel room or check a travel app.
Whether you're traveling for the Christmas holidays or pre-booking tickets for New Year's, the companies you trust with your most sensitive data – full name, home address, passport details, travel dates and device details – are sharing and selling a lot more than you think.
And during the pre-holiday rush, this data becomes a goldmine for scammers.
Let's break down how it works, which companies collect the most, and what you can do before you travel to prevent your personal information from falling into the wrong hands.
Subscribe to my FREE CyberGuy Report
Get my best tech tips, breaking security alerts, and exclusive offers straight to your inbox. Plus, you'll get instant access to my Ultimate Scam Survival Guide – free when you join my CYBERGUY.COM newsletter.
PROTECT YOUR DATA BEFORE HOLIDAY SHOPPING SCAM.
Traveling on vacation brings more than just stress, because every booking and check-in quietly generates personal data that you may not even realize you're giving away. (iStock)
Why traveling on vacation puts your data at risk
The holiday season is the peak period for travel-related data collection. Airlines, hotels, booking platforms, loyalty programs and travel apps all are experiencing huge surges in traffic as millions of Americans search for deals, compare prices, check boarding changes and rebook delayed flights.
Each of these actions creates trackable data points, including:
- Email address
- Phone number
- Full name and date of birth
- Address history
- Travel routes
- Passport or identification data
- Device fingerprint
- IP address and location
- Purchasing habits and spending patterns.
You can assume that this data remains with the airline or hotel. This is wrong.
Most companies share it with advertisers, analytics firms, data brokers and dozens of unnamed “partners.” Some even use your data to build a profile of you—how often you travel, how much you're likely to spend, and whether you're a “high-value” target.
This information can easily end up in scam databases, so travelers suddenly see:
- Fake messages “Your flight has been cancelled”
- Phishing emails that look identical to hotel confirmations.
- Fake baggage payment requests
- Fake TSA PreCheck Renewal Notices
- “Urgent recheck required” messages.
Scammers are counting on the fact that you are stressed, in a hurry and waiting for travel news. And since they already have your personal data, their attacks are frighteningly convincing.
PREVENT FOREIGN APPLICATIONS COLLECTING YOUR PERSONAL DATA
Airlines, hotels, apps and booking platforms collect far more information than most travelers know, and this data is often shared with advertisers and data brokers. (AP Photo/Ryan Sun)
Examples of what major travel companies collect
Here are real-life examples of how travel platforms collect and share your data:
1) Airlines (Delta, American, United, Southwest)
Major U.S. airlines collect not only your name, phone number and email address, but also information about travel companions, payment information, geolocation data, device data and loyalty program activity.
They share this with:
- “Marketing Partners”
- Analytical platforms
- Third Party Advertisers
- Data enrichment firms.
Many of these partners eventually become part of the data broker ecosystem.
2) Booking platforms (Expedia, Booking.com, Hotels.com)
Each booking platform details what it collects in its privacy policy. These sites often track:
- Search history
- Cost of views
- Device fingerprint
- Click behavior
- Location by IP
- Payment attempts – even abandoned carts.
This is used to create profiles that determine which offers are shown to you and how aggressively you target them.
3) Hotel chains (Marriott, Hilton, IHG)
Marriott's privacy policy and other privacy statements list more than 60 categories of data that the company collects. Some networks have been caught sharing guest data with:
- Advertising networks
- Social media platforms
- Third Party Guest Experience Tools
- Affiliate networks
- Data brokers for cross-device tracking.
Cybercriminals are still using the information on more than 500 million Marriott guests, exposed in a four-year hack that began in 2014, to develop and carry out travel scams.
4) Travel apps (Airbnb, Hopper, KAYAK, TripIt)
These are some of the most aggressive data collectors as they work non-stop on your phone. Many people collect:
- Real time location
- Contacts
- Clipboard data
- Behavioral Analytics
- Device ID
- View in the application.
Some of these firms then “share information with partners to improve marketing,” which typically means selling the data.
YOUR DISPOSED LUGGAGE TAGS COST MONEY TO FRAUDERS
Fraudsters are using leaked travel information to send fake flight alerts, hotel messages and urgent payment notifications that look real because they already have your personal information. (iStock)
How scammers use your travel data
Once your information enters the ecosystem, scammers create travel-themed attacks designed to hit you at the worst possible time. Some common examples include:
- Fake airline notifications: (e.g. “Your flight has been cancelled, click here to rebook”)
- Urgent emails from the hotel regarding payment refusal: Scammers are using the leaked address and booking details to send emails that look exactly like they are from Hilton or Marriott hotels.
- Fake baggage fee: (e.g. “Pay $24.90 to have your checked baggage released”)
- TSA and Global Entry Renewal Fraud.
This is not guesswork. They already have your name, flight, hotel, location and travel dates because travel industry data partners sold or merged them.
How to protect yourself before traveling
Here are my top steps to maintain privacy this holiday season:
1) Check what data travel companies already have
Hotels, airlines and booking sites have options for deleting data, although they are hidden in privacy settings.
2) Prevent apps from tracking your location.
Turn off location permissions for apps such as:
- Hopper
- Airbnb
- Expedia
- HotelTonight.
Many track you even when you don't use them. Here's how to do it for iPhone and Android:
On iPhone: Open Settingstap Privacy and Securitythen touch Location servicesscroll down to application and tap every applicationand set location access “When using the application” or “Never,” and turn off “Share your location” if you don't want them to see your exact location.
On Android: Open Settingstap Location, then choose Application location permissions or Application permissions, find application and tap it, and change each one to “Allow only when using the application” or “Don't let it” so they can't track you in the background. (WITHSettings may vary depending on the manufacturer of your Android phone.)
3) Remove your personal data from data broker sites.
This is the most important step. Even if you stop airlines and hotels from collecting new data, your existing data is already circulating through dozens of data brokers, which is what scammers are using to target travelers.
Data brokers hold:
- Your travel plans
- Address history
- Email and phone details
- Income level
- House information
- Names of your family members.
You can manually request removal from hundreds of sites, but it will take months. This is why I recommend a data removal service. While no service can guarantee complete removal of your data from the internet, a data removal service is indeed a smart choice. They don't come cheap, and neither does your privacy. These services do all the work for you, actively monitoring and systematically removing your personal information from hundreds of websites. This is what gives me peace of mind and has proven to be the most effective way to erase your personal data from the internet. By limiting the information available, you reduce the risk that scammers will link leaked data to information they can find on the dark web, making it harder for them to target you.
Check out my top data removal services and get a free scan to see if your personal information has already been published online by visiting Cyberguy.com
Get a free scan to see if your personal information has already been published online: Cyberguy.com
4) Use an email alias for booking.
Email alias reduces the amount of spam and phishing attempts you will receive. By creating email aliases, you can also protect your information. These aliases redirect messages to your primary address, making it easier to manage incoming messages and avoid data leaks.
For recommendations on private and secure email providers that offer address aliases, visit Cyberguy.com
5) Avoid airport Wi-Fi for anything related to payments.
Fraudsters often use fake access points. So avoid the airport public wifi when accessing financial information.
CLICK HERE TO DOWNLOAD THE FOX NEWS APP
Kurt's key takeaways
The holiday season is upon us and many of us are preparing to travel to see family and friends. As travel increases, so does the collection and sharing of personal data. Airlines, hotels and travel apps often share your information with unknown third parties, and scammers can use it to target you during your trip. Before you pack your bags, take a few minutes to remove your personal information from online brokers. This will help protect your identity and allow you to travel with peace of mind.
How do you protect your personal information while traveling on vacation? Let us know by writing to us at Cyberguy.com
Subscribe to my FREE CyberGuy Report
Get my best tech tips, breaking security alerts, and exclusive offers straight to your inbox. Plus, you'll get instant access to my Ultimate Scam Survival Guide – free when you join my CYBERGUY.COM newsletter.
Copyright CyberGuy.com 2025. All rights reserved.
