Sunweb said it will not refund money to travelers who paid after following a phishing link, after the company discovered a cyber attack last week.
“When we realized that the phishing emails were circulating, we informed the customers as soon as possible,” said a spokesperson.
“They were asked by the hackers to click through twice, enter data and pay. We advised customers to contact the bank immediately if they have paid,” the spokesperson said.
Sunweb discovered the cyber attack last week after customers came forward with phishing emails they had received, the company said. Cybercriminals had penetrated a system of the travel company and used the data to ask customers to make a payment. They threatened that otherwise the trip would be canceled.
Sunweb would not say how many customers were duped because the investigation is ongoing, the company said.
Many customers have come forward saying they fear burglars when they go on vacation because the hackers may know when they are away and where they live.
The spokesman called it “a terrible incident. We are terribly sorry.”
Sunweb said it will not offer compensation. The travel agency offers a standard free rebooking guarantee for vacations that do not take place within six weeks, the spokesperson said. For vacationers who set off earlier, the official cancellation policy applies.
