We have been informed of a data security incident at one of our technical service providers, which has affected us as well as several other players in the sector.
Rest assured, no banking data (such as your credit card number) has been compromised.
No passwords or postal addresses are affected.
Furthermore, the incident is now fully contained.
Your current booking is not impacted by this incident; it remains valid, and no action is required on your part (you can log in to your customer account to view it).
The only information that may have been accessed by third parties includes: first and last names, phone numbers, email addresses, and booking details (such as destination, arrival/departure dates, and the total amount).
What to do: You do not need to take any action. However, we recommend remaining vigilant regarding any suspicious messages claiming to be from Homair. We will never ask you to share sensitive information or payment details via WhatsApp. The only communications we send are informational emails regarding your payments.
If you are in doubt, the best precaution is to avoid clicking any links. You can always log in directly to your account on our website.
We take the protection of your data very seriously and are working closely with our security teams and technical partners to manage this situation. We have also officially notified the relevant data protection authorities (CNIL), in accordance with our legal obligations.
Can I cancel my reservation? Rest assured, your stay is not affected. We look forward to welcoming you to our campsites. If you still wish to cancel, our standard cancellation terms and conditions will apply.
Is there any compensation planned? Our alert was issued promptly to prevent any financial loss. As no financial information, passwords, or sensitive personal data were compromised, we are not offering financial compensation. Our priority remains the security of your holiday account and the integrity of our systems.
Was the data encrypted? Yes, our databases are protected by strict measures, including encryption of data at rest and in transit. However, this incident involved unauthorized access via a vulnerability in a third-party provider's system, which allowed the attackers to bypass these protections and extract certain booking information.
When did the breach occur, and when did you discover it? We officially identified the incident on March 17, 2026, following initial alerts from our contact center. At that time, the breach appeared to only affect customers with stays scheduled in March. On March 25, 2026, our third-party provider confirmed that the incident had actually affected a larger number of customers. The initial data exfiltration by the unauthorized third party took place on March 16, 2026.
What measures have you taken to stop the leak? As soon as the breach was discovered, we immediately set up a multidisciplinary crisis unit. We worked closely with our provider to analyze and fix the vulnerability. Simultaneously, we reinforced the security of our systems by resetting passwords on partner platforms and verifying Multi-Factor Authentication (MFA) for all critical access points.
How are you preventing this from happening again? The source of the incident at our partner's end has been identified and blocked. We are conducting a thorough investigation with cybersecurity experts to ensure no further vulnerabilities remain. We have also proactively informed the relevant authorities (CNIL and ICO) to comply with our legal obligations.
If you shared banking information via WhatsApp or clicked on a link: We have no way of knowing if this occurred. We strongly recommend contacting your bank to inform them; they will be able to advise and reassure you.