Holiday travel is stressful enough with crowded airports, expensive flights and last-minute itinerary changes. But there’s a hidden part of the travel industry most people don’t know about: your personal data is being harvested, packaged and sold every time you book a flight, reserve a hotel room or check a travel app.
Whether you’re traveling for a Christmas break or booking early for New Year’s, the companies you trust with your most sensitive details—full name, home address, passport info, travel dates and device data—are sharing and selling far more than you think.
And during the holiday rush, that data becomes a goldmine for scammers.
Let’s unpack how this works, which companies collect the most and what you can do before you travel to keep your personal information out of the wrong hands.
Sign up for my FREE CyberGuy Report
Get my best tech tips, urgent security alerts, and exclusive deals delivered straight to your inbox. Plus, you’ll get instant access to my Ultimate Scam Survival Guide — free when you join my CYBERGUY.COM newsletter.
PROTECT YOUR DATA BEFORE HOLIDAY SHOPPING SCAMS STRIKE
The holiday season is the peak period for travel-related data collection. Airlines, hotels, booking platforms, loyalty programs and travel apps all experience massive traffic spikes—millions of Americans are searching for deals, comparing prices, checking gate changes and re-booking delayed flights.
Every one of those actions creates trackable data points, including:
You might assume this data stays with the airline or hotel. It doesn’t.
Most companies share it with advertisers, analytics firms, data brokers and dozens of unnamed “partners.” Some even use your data to profile you—how often you travel, how much you’ll likely spend and whether you’re a “high-value” target.
That information can easily leak into scammer databases, which is why holiday travelers suddenly see:
Scammers rely on the fact that you’re stressed, rushing and expecting travel updates. And because they already have your personal data, their attacks are frighteningly convincing.
STOP FOREIGN-OWNED APPS FROM HARVESTING YOUR PERSONAL DATA
Here are real-world examples of how holiday travel platforms collect and share your data:
Major U.S. airlines collect not just your name, phone number and email, but also travel companions, payment details, geolocation data, device data and loyalty-program activity.
They share this with:
Many of these partners, over time, become part of the data broker ecosystem.
Each booking platform details what it collects in its privacy policy. Oftentimes, these sites track:
This is used to build profiles that determine what deals you’re shown and how aggressively you’re targeted.
Marriott’s privacy policy and other privacy statements list over 60 categories of data it collects. Some chains were caught sharing guest data with:
Cybercriminals have been using the information of over 500 million Marriott guests, exposed during a four-year-long breach that started in 2014, to craft and execute travel-themed scams to this day.
These are some of the most aggressive data collectors because they run nonstop on your phone. Many collect:
Some of these firms then “share information with partners for marketing enhancement,” which is typically code for data selling.
YOUR DISCARDED LUGGAGE TAGS ARE WORTH MONEY TO SCAMMERS
How scammers use your travel data
Once your information enters the ecosystem, scammers build travel-themed attacks designed to hit you at the worst possible time. Some common examples include:
This isn’t guesswork. They already have your name, flight, hotel, location and travel dates—because the travel industry’s data partners sold or leaked them.
Here are my top steps to staying private this holiday season:
Hotels, airlines and booking sites all have data removal options—though they’re buried in their privacy settings.
Turn off location permissions for apps like:
Many track you even when not in use. Here’s how to do it for iPhone and Android:
On iPhone: Open Settings, tap Privacy & Security, then tap Location Services, scroll down to the app and tap each app, and set location access to “While Using the App” or “Never,” and turn off “Share My Location” if you don’t want them to see your exact spot.
On Android: Open Settings, tap Location, then choose App location permissions or App permissions, find the app and tap it, and change each one to “Allow only while using the app” or “Don’t allow” so they can’t track you in the background. (Settings may vary depending on your Android phone’s manufacturer.)
This is the most important step. Even if you stop airlines and hotels from collecting new data, your existing data is already circulating through dozens of data brokers, and that’s what scammers use to target travelers.
Data brokers hold:
You can manually request removal from hundreds of sites, but it takes months. That’s why I recommend a data removal service. While no service can guarantee the complete removal of your data from the internet, a data removal service is really a smart choice. They aren’t cheap, and neither is your privacy. These services do all the work for you by actively monitoring and systematically erasing your personal information from hundreds of websites. It’s what gives me peace of mind and has proven to be the most effective way to erase your personal data from the internet. By limiting the information available, you reduce the risk of scammers cross-referencing data from breaches with information they might find on the dark web, making it harder for them to target you.
Check out my top picks for data removal services and get a free scan to find out if your personal information is already out on the web by visiting Cyberguy.com
Get a free scan to find out if your personal information is already out on the web: Cyberguy.com
An alias email reduces the amount of spam and phishing attempts you’ll receive. By creating email aliases, you can also protect your information. These aliases forward messages to your primary address, making it easier to manage incoming communications and avoid data breaches.
For recommendations on private and secure email providers that offer alias addresses, visit Cyberguy.com
Scammers often run fake hotspots. So, avoid airport public Wi-Fi when accessing financial information.
The holiday season is here, and many of us are getting ready to travel to see family and friends. As travel picks up, personal data collection and sharing also increases. Airlines, hotels and travel apps often share your information with unknown third parties, which scammers can use to target you during your trip. Before you pack your bags, take a few minutes to remove your personal data from online brokers. Doing this helps protect your identity and lets you travel with peace of mind.
How do you protect your personal information when you travel during the holidays? Let us know by writing to us at Cyberguy.com
Sign up for my FREE CyberGuy Report
Get my best tech tips, urgent security alerts, and exclusive deals delivered straight to your inbox. Plus, you’ll get instant access to my Ultimate Scam Survival Guide — free when you join my CYBERGUY.COM newsletter.
Copyright 2025 CyberGuy.com. All rights reserved.
Recent Comments