Last week customers of the popular travel website Booking.com received an email informing them their data may have been leaked to a 'third party'.
My first thought as a consumer champion who helps readers who run into trouble with companies was, 'not again'.
The email read: 'At Booking.com, we are dedicated to the security and data protection of our guests.
'In that spirit, we're writing to inform you that unauthorized third parties may have been able to access certain booking information associated with your past or upcoming reservation(s).'
This, it said, could include hotel booking details, emails, phone numbers and any information customers had shared in messages with accommodation owners.
It didn't include financial or home address information - but if a shady character has the details of someone's hotel booking, as well as their personal contact details, this leaves them wide open to scams.
I've seen this story play out with Booking.com time and time again.
While this is the first time it has admitted to a data leak, the hotel booking website has been plagued by security problems for years.
Despite - or perhaps because of - being one of the biggest and most-visited travel websites in the world it seems utterly incapable of containing them.
We don't know how many people have been affected by this breach because Booking.com won't release that information - nor which regions they are in.
But with many having just got away for Easter or looking forward to a break in the summer, it could feasibly include hundreds of thousands of people. Seven billion bookings have been made on the website since 2010, the Amsterdam-based company says.
It's the go-to website for Britons who want to compare prices and book hotels. I used it myself to book rooms for a recent holiday. However, this popularity makes it catnip to scammers.
I have raised red flags to Booking.com about this many times, and I'm sure its press officers consider me a thorn in its side.
As recently as January, I reported on a lady who tried to contact Booking.com customer service to cancel a hotel stay, but instead ended up on the phone to a scammer who tried to trick her into downloading a dodgy app and paying £45 to get a refund.
In fairness, this scam happened away from the Booking.com website, and instead originated with a dodgy phone number that had found its way onto Google.
But holidaymakers have been falling victim to scams on Booking.com directly since at least 2023, according to readers who have contacted This is Money.
Back then, scammers were getting into hotels' accounts and messaging customers with upcoming stays to tell them they had to pay more money, or their booking would be cancelled.
One young woman told me how she was travelling alone in south east Asia, and felt she had no option but to pay £900 when she received such a message on route to a hotel in the middle of the night.
Instances seemed to spike again in summer 2024, when a reader contacted me to say he had paid £1,697.90 in extra charges, after receiving a message supposedly from an Amsterdam hotel threatening to axe his upcoming stay with his wife and friends.
The worst thing? Customers still don't have any answers about why and how this has continued to happen.
Booking.com has in the past insisted to me that there had not been any kind of breach of its systems.
On these occasions, it insinuated that this was the fault of hotels and holiday let owners. Because their passwords or systems weren't secure enough, criminals had accessed their Booking.com accounts, allowing them to send messages to customers pretending to be the hotel.
I always felt that explanation was a bit too simplistic - and this week's news has made me believe that even more strongly.
Like so many companies these days, Booking.com is a wolf in sheep's clothing. It might look like a travel agent, but it's actually a tech company - in the same way that Uber isn't really a taxi firm.
It must have plenty of top tech whizzes on its staff - so why on earth can't it keep customers - by and large - safe from data leaks and scams when using its website?
Perhaps it's because it has little incentive to do so.
It makes its money from charging hotels and holiday let owners a commission of 10 to 20 per cent every time they get a booking. If the customer falls victim to a scam, Booking.com still gets its money - it's just the customer that loses out.
The website is so easy and convenient to use that it probably won't even lose a future customer - and hotels are too scared to come off the site as their bookings would plummet.
It's not right that Booking.com can get away treating its customers with such disdain, though, so maybe it's time to take a stand.
Hotels will always appreciate you booking with them directly. If you mention that you found them on Booking.com but decided to ring them up instead, they might even give you a tasty discount.
And for those who have a trip booked already? I'd advise changing your password immediately. Treat any messages you receive on the platform with extreme suspicion, and never, ever send anyone your card details.
If in doubt, find the hotel's phone number on their official website and give them a ring.