Last updated: July 5, 2026 at 9:01 AM UTC
All 557 Vulnerability 199 Breach 106 Threat 245 Defense 7
Tag: bcd-travel (1 article)Clear

Corporate travel firm BCD Travel breach exposes 396,000 accounts

Have I Been Pwned has added BCD Travel - one of the world's largest corporate travel-management companies - to its breach corpus with 396,313 unique email addresses. BCD Travel arranges business travel for large enterprises and government clients worldwide, so the exposed dataset likely skews toward corporate and frequent-traveler accounts. As is typical for HIBP additions, the underlying breach source and disclosure details are not published alongside the entry, but the listing lets individuals and organizations check whether their accounts appear in the leaked dataset. Affected travelers should anticipate travel-themed phishing - itinerary updates, booking confirmations, loyalty-program lures - and should rotate any reused passwords and enable MFA.

Check
Check whether your @company emails appear in HIBP's BCD Travel corpus. Warn business travelers about itinerary, booking-confirmation, and loyalty-program phishing over the next 60-90 days.
Affected
396,313 unique email addresses tied to BCD Travel corporate-travel accounts. Dataset likely skews toward enterprise and government frequent travelers, raising targeted travel-themed phishing risk.
Fix
Affected individuals: rotate BCD Travel passwords and any reused elsewhere, enable MFA, scrutinize unsolicited travel emails. Organizations: add BCD Travel to breach-monitoring watchlists and brief traveling staff.