Cybercriminals allegedly used the W3LL phishing kit to target more than 17,000 victims worldwide, stealing their passwords and multi-factor authentication codes.

The travel giant notified customers that their personal data, including names, email addresses, and phone numbers, may have been accessed in a security incident.