Advisory To Customers Who Have Booking.com Reservations
We received reports from some customers who had made reservations via Booking.com of email correspondence claiming to be from Booking.com on behalf of Zentis Osaka advising that their reservations would be canceled unless payment is made.
Following our notice of November 3, we would like to provide the following update based on findings from internal as well as external investigations into the matter, including that conducted by Booking.com:
1. Cause of Incident
We have determined that these deceptive correspondences containing false payment links directing customers to a phishing site were due to malicious, unauthorized access of Booking.com’s reservation management system as a result of malware having infected one of Zentis Osaka’s computer terminals without detection.
2. Background and Status Update
- (1) Zentis Osaka received reports from some customers who had made reservations via Booking.com of email correspondences claiming to be from Booking.com on behalf of Zentis Osaka on November 2. These email correspondences advised customers that their reservations would be canceled unless payment is made, leading them to what is commonly referred to as a phishing site – a fake website posing as a legitimate one used for fraudulent purposes to lead people to disclose their personal (including financial) information.
- The suspicious activity was immediately reported to Booking.com upon our discovery of it, and we have since alerted customers to the fact that these deceptive correspondences and the payments prompted had not originated from Zentis Osaka.
- (2) We have also since received reports from Booking.com advising that no compromise of customers’ personal information stored in its reservation management system, including credit card details, has been detected.
3. Preventive Measures
In cooperation with Booking.com as well as an external data security company, Zentis Osaka has implemented new security measures and alerted and re-educated all of our staff on the dangers of such risks and the importance of maintaining vigilance. We will continually re-assess our measures in an effort to prevent data security breaches in the future.
4. For Those With Booking.com Reservations
If you made a room reservation via Booking.com and have received suspicious email correspondence claiming to be from Zentis Osaka (or any other property) regarding your reservation, please DO NOT attempt to reply or click on any links embedded in the email.
If you have already clicked on the link and inadvertently provided your credit card information on the phishing website to make payment, please contact Booking.com as well as your credit card company as soon as possible.
Please note, Zentis Osaka will never send correspondence via email or chat requesting credit card information from customers who have made reservations via Booking.com.
Booking.com Customer Center and Reservation Inquiries
In Japan: +81 3 6743 6650
International calls (English): +44 20 3320 2609
If you have already made a reservation at Zentis Osaka via Booking.com and received confirmation of it, rest assured, your booking remains confirmed. Any cancellations should be made directly on Booking.com.
If you would like to get in touch, please do not hesitate to Contact Us.
The hotel is reachable also at: +81 6 4796 0111
Please accept our sincerest apologies for any concerns or inconveniences this may have caused.
Zentis Osaka Management Team
[November 3, 2023 – first notice]
[December 1, 2023 – updated advisory]