Major Cyberattacks Expose Weaknesses in France's Tourism Sector Security

French tourism companies Gîtes de France, Pierre et Vacances-Center Parcs, and Belambra have all suffered significant cyberattacks within the past three days, exposing serious vulnerabilities in France's cybersecurity landscape. Gîtes de France revealed on May 17, 2026, that over 389,000 customer records were compromised in a breach traced back to their IT service provider Itea. The stolen data included client names, reservation dates, emails, phone numbers, and postal addresses, but no banking information was accessed. This breach affected reservations spanning more than 30 years, from 1995 to 2026, and was limited to specific French departments.

The same hacker claimed responsibility for this and two other attacks targeting Pierre et Vacances-Center Parcs and Belambra. Pierre et Vacances reported 1.6 million reservations affected, while Belambra disclosed a breach involving over 41,000 detailed reservations alongside about 360,000 records related to minors. No financial data was reportedly stolen in these attacks.

The attacker stated that the motive behind these breaches was to illustrate the fragility of France's cybersecurity defenses, dubbing the country a "cybersecurity sieve." The repeated incidents within France's top tourism operators have prompted all three companies to file official complaints as investigations continue.

These events highlight growing concerns over cybersecurity readiness within France's tourism sector and question the robustness of national protective measures. The breaches expose millions of reservation records and personal customer details, raising alarms about the lasting impact on consumer trust and data protection standards in one of France's vital economic sectors.