Israel Hotels 2024 Data Breach

Israel Hotels Booking Platform Breach (2024): 140K Customer Records Exposed | ObscureIQ
ObscureIQ Breach Intelligence

Classification Tags

Iranian threat actor (specific group not publicly named)MisconfigurationTravelCredit CardEmail AddressFull NamePhone Number
Moderate SeverityWebsite / service breach

Israel Hotels Booking Platform Breach (2024): 140K Customer Records Exposed

Online hotel booking platform for travel and accommodation reservations.

Verified by ObscureIQ Intelligence
54/100Breach Risk Index
20Data Value
25Market Recency
406dSince Breach

Breach Intelligence Summary

Entity: Israel Hotels · Actor: Iranian threat actor (specific group not publicly named) · Sources: 2 references
Attack: Misconfiguration
Profile: Platform · Travel booking and hospitality commerce · Hotel booking platform · Israel
Timeline: Breach (2024-12-09) · Indexed (Mar 17, 2025) · Year (2024)
Exposure: 140K records · 4 fields: Credit Card, Email Address, Full Name, Phone Number
Status: Reported

Executive Summary

The Israel Hotels breach affected a network of approximately ten Israeli travel and hotel booking websites operated by Gol Tours LTD, with the original incident occurring in June 2022 and Iranian threat actors claimed responsibility for the attack. The affected sites included hotel4u.co.il, booking-hotels.co.il, booking-kibbutz.co.il, mlonot.co.il, noapass.co.il, gol.co.il, funtoursisrael.co.il, ortal.net, come2israel.co.il, and come2israel.com. The breach was part of a broader wave of Iranian-attributed attacks against Israeli consumer platforms during the 2022 period. Israeli authorities including the Privacy Protection Authority took an unusually aggressive enforcement posture by reportedly seizing Gol Tours servers after the company refused to cooperate with remediation requirements. The breach was redistributed and indexed by DataBreach.com on March 17, 2025, with the dataset listed under a December 2024 breach-date that reflects the redistribution timing rather than the original June 2022 incident. The breach affected approximately 139,610 records based on records indexed by DataBreach.com, with Times of Israel and other Israeli media reports citing approximately 300,000 affected Israelis (the difference likely reflecting deduplication and the inclusion of records across multiple Gol Tours platforms). Compromised fields included names, email addresses, phone numbers, credit card data, reservation addresses, dates and locations of booked vacations, and sensitive medical or accessibility information collected to fulfill disability-access bookings on the noapass.co.il accessibility-focused site. For affected travelers, the practical risk profile combines payment-card-fraud exposure with travel-pattern-specific privacy risk and additional concerns for users whose accessibility-related medical information was exposed. Affected customers should monitor credit card statements for unauthorized charges, request replacement cards, and dispute fraudulent activity. The exposure of reservation dates and locations creates a unique physical-security risk because the data reveals when affected users were away from home, when they would be at specific hotel addresses, and which family members or travel companions accompanied them. Affected users with future travel reservations during or after the breach period may want to review the reservation details with the booking site for any unauthorized changes. Users whose accessibility or medical information was exposed should be alert to targeted phishing or insurance-related fraud that may reference real disability-access details. Affected Israeli citizens may file complaints with the Israeli Privacy Protection Authority, which has retained an active enforcement posture on this case.

ObscureIQ assessment: Exposure enables travel fraud, reservation impersonation, phishing, and physical-world targeting. Booking data can also reveal travel plans and absence from home.

Breach Impact

The institutional impact on Gol Tours LTD has been substantial because of the Israeli Privacy Protection Authority's enforcement action, which is among the more aggressive Israeli regulatory responses to a private-sector breach. The PPA's server seizure represents a significant regulatory escalation that has been widely cited in Israeli cybersecurity coverage. Gol Tours faced reputational damage across all ten of its affected booking properties, and the case has been formally cited as a leading example of operator non-cooperation with Israeli data-protection regulators. Civil litigation exposure under Israeli privacy law is significant given the inclusion of sensitive medical-accessibility data and the geopolitically motivated Iranian-actor attribution. The case has been broadly cited in Israeli infrastructure-security commentary about the elevated breach risk for Israeli consumer-facing platforms during periods of geopolitical tension with Iran.

About Israel Hotels

Israel Hotels' refers to a constellation of online hotel-booking and Israel-travel websites operated by Gol Tours LTD, an Israel-based travel and hospitality booking company. The affected platforms include hotel4u.co.il, booking-hotels.co.il, booking-kibbutz.co.il, mlonot.co.il, noapass.co.il, gol.co.il, funtoursisrael.co.il, ortal.net, come2israel.co.il, and come2israel.com. The platforms operate as Israel-focused booking aggregators serving both domestic Israeli travelers and international visitors to Israel, with reservations covering hotels, kibbutz accommodations, organized tours, and accessibility-specific bookings. As multi-property booking platforms, the Gol Tours sites maintained substantial customer data including identity, contact information, payment card data, reservation itineraries, and in some cases sensitive accessibility and medical information used to fulfill disability-access bookings.

Why They Hold Your Data

Hotel-booking platforms collect traveler identity, contact details, reservation records, payment-adjacent information, itinerary data, and support interactions tied to hospitality-commerce workflows.

Recent Developments

Following the June 2022 breach, the Israeli Privacy Protection Authority (PPA) launched an investigation and reportedly took over the servers of Gol Tours LTD because the company refused to cooperate with the PPA's remediation requests. Channel 12 news in Israel reported that the owner of Gol Tours LTD initially refused to address the security breaches because remediation would have cost money, although the owner later denied making that statement. The Privacy Protection Authority publicly stated that 'in any case of failing to immediately report a serious security breach and not cooperating according to the guidelines, the authority will take decisive action to protect the public.' The breach data was subsequently redistributed and indexed by DataBreach.com on March 17, 2025 (with DBC's record listing reflecting a December 2024 breach-date that does not match the original June 2022 incident date).

Data Points Exposed

4 verified field types
Credit Card Critical
Email Address
Full Name High
Phone Number

Field names are shown in full for clarity and search visibility. Canonical machine keys are emitted only in this page’s structured data.

Exploitation & Downstream Threats

Threat Activity:High
Primary downstream threats:
  • Financial fraud using exposed financial profile data
  • SIM swap attacks where phone numbers are present
  • Targeted phishing campaigns using exposed email addresses
Threat vectors:
  • Card-present & card-not-present fraud
  • Phishing, credential stuffing & account takeover
  • Name-based social engineering
  • SIM swapping, vishing & SMS phishing

Threat Actor: Iranian threat actor (specific group not publicly named)

Iranian threat actor (specific group not publicly named)
Misconfiguration

Attribution and method are based on available breach intelligence. Reported attack vector: Misconfiguration.

Recommended Actions

If you believe your information may be included:

Enable MFA Everywhere
Turn on multi-factor authentication on email first, then financial accounts.
Find 2FA settings
Report & Recover
If you spot misuse, start an official recovery plan and report fraud.
IdentityTheft.govReport to FTC

Frequently Asked Questions

What happened in the Israel Hotels breach?

The Israel Hotels breach affected a network of approximately ten Israeli travel and hotel booking websites operated by Gol Tours LTD, with the original incident occurring in June 2022 and Iranian threat actors claimed responsibility for the attack. The affected sites included hotel4u.co.il,…

What data was exposed?

Verified fields include Credit Card, Email Address, Full Name, Phone Number.

What should I do if I was affected?

Change reused passwords, enable MFA, and (if identity or financial data is involved) freeze your credit and monitor your accounts.

Sources & References

Every claim on this page is traceable. This breach draws on:

Breach Index
DataBreach.com
Record & field corroboration
ObscureIQ Intelligence
ObscureIQ proprietary analysis
Risk Index scoring & downstream-threat assessment

Protect Yourself

Check If You're Affected

Enter your email to check whether your data appears in this breach. We’ll send a 6-digit code to confirm it’s your address.

Get Free Breach Alerts

Be the first to know when new breaches are disclosed. Free forever — confirm your email with a 6-digit code.

High-Risk? Get an Exposure Audit

Executives, public figures, and high-visibility operators can receive tailored exposure intelligence and hardening guidance.

Request Consultation