Travel firms have failed to secure their websites from hackers despite previous cyberattacks, consumer group Which? has claimed.
Websites linked to Marriott, British Airways and easyJet were found to be vulnerable by its investigation. Each of the sites has previously been the subject of high-profile data breaches.
This research found hundreds of flaws linked to the three companies, Which? says, as well as on some domains linked to American Airlines and Lastminute.com.
The consumer group said it had looked at the security of websites operated by 98 travel companies – including airlines, tour operators, hotel chains and booking sites – examining cybersecurity on their main websites, and related sites, including promotional sites, spin-off business and employee log-in portals.
Almost 500 issues were found on sites linked to Marriott, with more than 100 judged to be high-risk or critical by Which? Marriott was