Tourism has become one of the most attractive targets for cybercriminals at the turn of March and April this year, according to the latest research by Check Point Software Technologies. Hackers have identified the travel sector as a rich source of sensitive data that can be monetized on the black market.
The most targeted industries included business services (35% of all attacks), consumer goods and services (14%), and industrial sectors (13%). While the majority of attacks are still recorded in North America (55%) and Asia, Europe accounted for 24% of all global ransomware attacks during the March–April period.
In March 2026, organizations worldwide experienced an average of 1,995 cyberattacks per week. Although this represents a 5% decrease year-on-year, experts emphasize that this does not indicate improved security. On the contrary, attackers are evolving their strategies, exploring new entry points, and exploiting the growing digitalization of businesses.
Tourism, in particular, has emerged as a prime target. Cybercriminals are not only harvesting data but also launching ransomware attacks on travel agencies and reservation system operators. The risk is expected to rise further in the run-up to the FIFA World Cup 2026.
A new wave of cyberattacks is increasingly targeting travelers by exploiting hotel booking systems, flight reservations, and ticketing platforms to steal payment data. Security experts warn that hackers are now combining real booking data with advanced social engineering techniques, including the use of artificial intelligence, to make scams appear highly credible.
Rising Threat Ahead of the 2026 World Cup
Cybercriminals are seeking to capitalize not only on the seasonal rebound in travel but also on the global attention surrounding the upcoming FIFA World Cup. Major international events are not just celebrations of sport—they are also highly attractive targets for cyberattacks.
The scale and visibility of such events, combined with the involvement of global brands, celebrities, and political figures, create a uniquely vulnerable environment. The massive public interest acts as a magnet for hacktivists, state-linked groups, and organized cybercriminal networks, which exploit these occasions to disrupt infrastructure and pursue geopolitical or financial objectives.
Italian security services have already reported thwarted cyberattacks linked to Russia during preparations for the Milan–Cortina 2026 Winter Olympics. These attacks targeted websites, hotels, and related infrastructure and were associated with the hacker group NoName057.
According to Wojciech Głażewski, Director at Check Point Software Technologies in Poland, cybercriminals are increasingly shifting their focus from event organizers to fans and their personal data. The rapid rise in attacks on ticketing systems, hotel bookings, and travel platforms highlights vulnerabilities across the entire digital ecosystem surrounding such events. Particularly concerning is the use of real booking data and communications resembling official notifications, making fraudulent activities increasingly difficult to detect. As a result, every stage—from purchasing tickets to accommodation—can become a potential attack point.
Incidents Confirm Growing Risks
The rising interest of hackers in the travel sector is also reflected in recent incidents in Poland. In November 2025, the well-known travel agency Nowa Itaka fell victim to a cyberattack that resulted in the theft of customer data, including personal information, email addresses, and phone numbers. The company stated that reservation details, financial data, participant information, and account passwords remained secure.
A similar case occurred in January 2026 involving Eurail. Hackers attempted to access order and reservation data, basic identification and contact details, and passport information such as numbers, issuing country, and expiration dates. The European Commission reported that additional data categories might also have been targeted, including dates of birth, addresses, IBAN numbers, and even health-related information if provided during customer service interactions.
According to Check Point’s analysis, the travel and tourism sector recorded the highest increase in cyberattacks—up 30% year-on-year. This growth is linked to a rising number of transactions, greater reliance on third-party providers, and an increasing volume of payment operations, all of which expand the attack surface.
Financial Motivation and Growing Ransomware Threat
Analysts emphasize that financial gain remains the primary driver behind these attacks—either through selling stolen data on the black market or demanding ransom payments from system operators and travel agencies. These sophisticated operations are typically carried out by well-organized and highly advanced cybercriminal groups.
Currently, there are an estimated 47 active ransomware gangs worldwide, with one of the most dangerous being Qilin ransomware group, responsible for approximately one-fifth of all ransomware attacks. In March alone, 672 such attacks were recorded, marking a 7% increase compared to the previous month.
Despite a slight year-on-year decline in the total number of attacks, experts warn against complacency. As Omer Dembinsky, Data Research Manager at Check Point Research, notes, the March figures may appear to signal a temporary slowdown, but attackers have not retreated—they have simply adjusted their pace.
Underestimated Risk Among Polish Companies
Data from CERT Polska shows that Polish companies continue to underestimate the risk of cyberattacks, despite the rapidly growing threat landscape. In 2025, a total of 260,800 cybersecurity incidents were recorded.
Research by Mastercard indicates that small businesses, in particular, often perceive the risk as limited. However, 40% of small companies and 50% of large organizations in Poland have experienced a cyberattack or digital security breach.
The evolving tactics of cybercriminals, combined with the increasing digitalization of services and the global scale of upcoming events like the FIFA World Cup 2026, suggest that both companies and consumers must remain vigilant. Without prioritizing cybersecurity, the greatest threat to travelers may no longer be physical risks at destinations, but rather invisible attacks carried out through emails, booking platforms, and mobile applications.
Own study based on industry data and analyses.
