Key Takeaways
- Marriott International suffered a data breach from 2014 to 2018 impacting 500 million guest records including passport numbers, payment information, and travel details from Starwood properties.
- British Airways experienced a Magecart attack in 2018 exposing 380,000 customers' credit card details and personal data over 15 days via a compromised payment page.
- Cathay Pacific breach in 2018 affected 9.4 million passengers' data including names, nationalities, passport numbers, and credit card details from May to October.
- British Airways breach led to 400+ lawsuits consolidated.
- Cathay Pacific saw 10% drop in customer trust scores post-breach.
- Sabre 2022 outage canceled 1,500+ flights worldwide.
- The average cost of a data breach in the travel industry was $3.92 million in 2023 according to IBM.
- Marriott breach led to $118 million in investigation and notification costs by 2022.
- British Airways fined 20 million GBP ($26M USD) by ICO in 2020 for the breach.
- The number of travel industry data breaches rose 28% from 2021 to 2022 per Verizon DBIR.
- 65% of travel breaches in 2023 involved third-party vendors according to IBM.
- Magecart attacks on travel sites increased 200% YoY in 2019.
- The Marriott breach included encryption keys for some Starwood guest payment cards
- British Airways breach captured CVV codes, expiry dates, and card numbers for 380k payments.
- Cathay Pacific breach compromised passport numbers, identity card numbers for 9.4M passengers.
Travel breaches hit millions with costly third party and skimming attacks, averaging $3.92 million per incident.
Related reading
01 · Category
Breach Frequency and Scale30 stats
Breach Frequency and Scale Interpretation
02 · Category
Customer and Operational Impact28 stats
Customer and Operational Impact Interpretation
03 · Category
Financial and Economic Impact26 stats
Financial and Economic Impact Interpretation
More related reading
04 · Category
Security Trends and Responses25 stats
Security Trends and Responses Interpretation
05 · Category
Types of Data Breached25 stats
Types of Data Breached Interpretation
Cite This Report
This report is designed to be cited. We maintain stable URLs and versioned verification dates. Copy the format appropriate for your publication below.
Priyanka Sharma. (2026, February 13). Data Breach Travel Industry Statistics. Gitnux. https://gitnux.org/data-breach-travel-industry-statistics
Priyanka Sharma. "Data Breach Travel Industry Statistics." Gitnux, 13 Feb 2026, https://gitnux.org/data-breach-travel-industry-statistics.
Priyanka Sharma. 2026. "Data Breach Travel Industry Statistics." Gitnux. https://gitnux.org/data-breach-travel-industry-statistics.
Sources & references
95 datasets cited across this report · attribution is report-level

