Holiday travel is stressful enough with crowded airports, expensive flights and last-minute itinerary changes. But there’s a hidden part of the travel industry most people don’t know about: your personal data is being harvested, packaged and sold every time you book a flight, reserve a hotel room or check a travel app.

Whether you’re traveling for a Christmas break or booking early for New Year’s, the companies you trust with your most sensitive details—full name, home address, passport info, travel dates and device data—are sharing and selling far more than you think.

And during the holiday rush, that data becomes a goldmine for scammers.

Let’s unpack how this works, which companies collect the most and what you can do before you travel to keep your personal information out of the wrong hands.

Sign up for my FREE CyberGuy Report
Get my best tech tips, urgent security alerts, and exclusive deals delivered straight to your inbox. Plus, you’ll get instant access to my Ultimate Scam Survival Guide — free when you join my CYBERGUY.COM newsletter.

PROTECT YOUR DATA BEFORE HOLIDAY SHOPPING SCAMS STRIKE

Why holiday travel puts your data at risk

The holiday season is the peak period for travel-related data collection. Airlines, hotels, booking platforms, loyalty programs and travel apps all experience massive traffic spikes—millions of Americans are searching for deals, comparing prices, checking gate changes and re-booking delayed flights.

Every one of those actions creates trackable data points, including:

• Email address
• Phone number
• Full name and DOB
• Address history
• Travel itineraries
• Passport or ID data
• Device fingerprint
• IP address and location
• Shopping habits and spending patterns.

You might assume this data stays with the airline or hotel. It doesn’t.

Most companies share it with advertisers, analytics firms, data brokers and dozens of unnamed “partners.” Some even use your data to profile you—how often you travel, how much you’ll likely spend and whether you’re a “high-value” target.

That information can easily leak into scammer databases, which is why holiday travelers suddenly see:

• Fake “your flight is canceled” texts
• Phishing emails that look identical to hotel confirmations
• Bogus baggage fee requests
• Fake TSA PreCheck renewal notices
• “Urgent re-verification required” messages.

Scammers rely on the fact that you’re stressed, rushing and expecting travel updates. And because they already have your personal data, their attacks are frighteningly convincing.

STOP FOREIGN-OWNED APPS FROM HARVESTING YOUR PERSONAL DATA

Examples of what major travel companies collect

Here are real-world examples of how holiday travel platforms collect and share your data:

1) Airlines (Delta, American, United, Southwest)

Major U.S. airlines collect not just your name, phone number and email, but also travel companions, payment details, geolocation data, device data and loyalty-program activity.

They share this with:

• “Marketing partners”
• Analytics platforms
• Third-party advertisers
• Data-enrichment firms.

Many of these partners, over time, become part of the data broker ecosystem.

2) Booking platforms (Expedia, Booking.com, Hotels.com)

Each booking platform details what it collects in its privacy policy. Oftentimes, these sites track:

• Search history
• Price views
• Device fingerprint
• Click behavior
• IP-based location
• Payment attempts—even abandoned carts.

This is used to build profiles that determine what deals you’re shown and how aggressively you’re targeted.

3) Hotel chains (Marriott, Hilton, IHG)

Marriott’s privacy policy and other privacy statements list over 60 categories of data it collects. Some chains were caught sharing guest data with:

• Ad networks
• Social media platforms
• Third-party “guest experience” tools
• Affiliate networks
• Data brokers for cross-device tracking.

Cybercriminals have been using the information of over 500 million Marriott guests, exposed during a four-year-long breach that started in 2014, to craft and execute travel-themed scams to this day.

4) Travel apps (Airbnb, Hopper, KAYAK, TripIt)

These are some of the most aggressive data collectors because they run nonstop on your phone. Many collect:

• Real-time location
• Contacts
• Clipboard data
• Behavioral analytics
• Device ID
• In-app browsing.

Some of these firms then “share information with partners for marketing enhancement,” which is typically code for data selling.

YOUR DISCARDED LUGGAGE TAGS ARE WORTH MONEY TO SCAMMERS

How scammers use your travel data

Once your information enters the ecosystem, scammers build travel-themed attacks designed to hit you at the worst possible time. Some common examples include:

• Fake airline notifications: (e.g., “Your flight has been canceled, click here to rebook”)
• Urgent hotel “payment failure” emails: Scammers use leaked address and booking data to send emails that look exactly like they’re from the Hilton or Marriott
• Fake baggage fees: (e.g., “Pay $24.90 to release your checked bag”)
• TSA and Global Entry renewal scams.

This isn’t guesswork. They already have your name, flight, hotel, location and travel dates—because the travel industry’s data partners sold or leaked them.

How to protect yourself before you travel

Here are my top steps to staying private this holiday season:

1) Check what data the travel companies already have

Hotels, airlines and booking sites all have data removal options—though they’re buried in their privacy settings.

2) Stop apps from tracking your location

Turn off location permissions for apps like:

• Hopper
• Airbnb
• Expedia
• HotelTonight.

Many track you even when not in use. Here’s how to do it for iPhone and Android:

On iPhone: Open Settings, tap Privacy & Security, then tap Location Services, scroll down to the app and tap each app, and set location access to “While Using the App” or “Never,” and turn off “Share My Location” if you don’t want them to see your exact spot.

On Android: Open Settings, tap Location, then choose App location permissions or App permissions, find the app and tap it, and change each one to “Allow only while using the app” or “Don’t allow” so they can’t track you in the background. (Settings may vary depending on your Android phone’s manufacturer.)

3) Remove your personal data from data broker sites

This is the most important step. Even if you stop airlines and hotels from collecting new data, your existing data is already circulating through dozens of data brokers, and that’s what scammers use to target travelers.

Data brokers hold:

• Your travel patterns
• Address history
• Email and phone details
• Income level
• Household info
• Your family members’ names.

You can manually request removal from hundreds of sites, but it takes months. That’s why I recommend a data removal service. While no service can guarantee the complete removal of your data from the internet, a data removal service is really a smart choice. They aren’t cheap, and neither is your privacy. These services do all the work for you by actively monitoring and systematically erasing your personal information from hundreds of websites. It’s what gives me peace of mind and has proven to be the most effective way to erase your personal data from the internet. By limiting the information available, you reduce the risk of scammers cross-referencing data from breaches with information they might find on the dark web, making it harder for them to target you.

Check out my top picks for data removal services and get a free scan to find out if your personal information is already out on the web by visiting Cyberguy.com

Get a free scan to find out if your personal information is already out on the web: Cyberguy.com

4) Use an email alias for bookings

An alias email reduces the amount of spam and phishing attempts you’ll receive. By creating email aliases, you can also protect your information. These aliases forward messages to your primary address, making it easier to manage incoming communications and avoid data breaches. 

For recommendations on private and secure email providers that offer alias addresses, visit Cyberguy.com

5) Avoid airport Wi-Fi for anything involving payments

Scammers often run fake hotspots. So, avoid airport public Wi-Fi when accessing financial information.

CLICK HERE TO DOWNLOAD THE FOX NEWS APP

Kurt’s key takeaways

The holiday season is here, and many of us are getting ready to travel to see family and friends. As travel picks up, personal data collection and sharing also increases. Airlines, hotels and travel apps often share your information with unknown third parties, which scammers can use to target you during your trip. Before you pack your bags, take a few minutes to remove your personal data from online brokers. Doing this helps protect your identity and lets you travel with peace of mind.

How do you protect your personal information when you travel during the holidays? Let us know by writing to us at Cyberguy.com

Sign up for my FREE CyberGuy Report
Get my best tech tips, urgent security alerts, and exclusive deals delivered straight to your inbox. Plus, you’ll get instant access to my Ultimate Scam Survival Guide — free when you join my CYBERGUY.COM newsletter.

Copyright 2025 CyberGuy.com.  All rights reserved.