Belambra: customer contact details exposed after a cyberattack
French holiday-club operator Belambra disclosed in March 2026 that a cyberattack on a shared reservation-system provider exposed personal data of roughly 400,000 customers, including names, emails, phone numbers and booking details, though no banking data or passwords.
- Victim
- Belambra
- records
- 400.0K
On 30 March 2026, Belambra — a leading French operator of holiday clubs and resort hotels — disclosed that a cyberattack had exposed the personal data of roughly 400,000 customers. The breach did not stem from Belambra's own systems but from a third-party provider operating its online reservation platform, a supply-chain compromise that also affected other tourism-sector companies relying on the same vendor.
The intrusion reportedly gave attackers access to customer contact details and booking records. Belambra stressed that no payment-card data, passwords or identity documents were involved. Exposed data categories included:
- Full names (first and last)
- Email addresses
- Phone numbers (in some cases)
- Stay details: arrival/departure dates, destinations, group composition and reservation amounts
- Information relating to minors travelling in some bookings
The leak has been linked to a threat actor using the alias "Chimeraz," also associated with breaches at Pierre & Vacances (around 4.5 million customers) and Gîtes de France, pointing to a sustained campaign against the French tourism sector. Because the stolen records contain real reservation dates, security researchers warned of a heightened risk of convincing, targeted phishing and fraudulent payment requests aimed at affected travellers.
Belambra filed a criminal complaint and notified France's data-protection regulator (CNIL). Investigations into the exact origin and full scope of the compromise remained ongoing at the time of disclosure, and customers were urged to stay vigilant against scam messages referencing their bookings.
Sources
- cyberattaque.orghttps://www.cyberattaque.org/belambra-les-coordonnees-clients-exposees-apres-une-cyberattaque/
- ici.frhttps://www.ici.fr/infos/faits-divers-justice/cyberattaques-apres-pierre-et-vacances-belambra-touche-a-son-tour-par-une-fuite-de-donnees-5905865
- mobilicites.comhttps://www.mobilicites.com/400-000-clients-exposes-donnees-perso-et-coordonnees-touchees-hackeur-chez-belambra-ce-que-le-tourisme-doit-affronter.html