Tens of thousands of Butlin’s customers have been warned that their holiday plans have been exposed after staff at the company were caught out in a phishing attack when they answered an email purporting to be from the local council.
Details of over 34,000 customers – including guest names, holiday dates, postal addresses, email and telephone numbers – have been exposed, although Butlin’s has insisted that payment card details are not at risk.
Although most of the data is low-risk, the attack has revealled when home owners are likely to be away from their properties.
The incident has been reported to the Information Commissioner’s Office. Butlin’s has also begun informing affected holidaymakers, something it promised to complete over the next three days.
In a statement, the holiday camp operator said: “Butlin’s would like to assure their guests that all their payment details are secure and have not been compromised.
The data which may have been accessed includes booking reference numbers, lead guest names, holiday arrival dates, postal and email addresses and telephone numbers.
Investigations, however, have not found any fraudulent activity related to this event. Guests who may have been affected are being contacted directly by Butlin’s to let them know what’s happened, what they should do and what is being done to resolve the situation.”
There are three Butlin’s holiday camp sites – Skegness in Lincolnshire, Bognor Regis in West Sussex and Minehead in Somerset.
Commenting on the incident, Ensighten chief revenue officer Ian Woolley said: “Butlin’s is yet another brand that has been caught out by a third-party hack. Companies must go beyond their own walls to protect customers – effective security can’t be tackled in silos. While brands have made strides to become compliant, it isn’t enough. The goal must be to consistently identify and address gaps that could make their customers vulnerable.
“Leaking data may result in huge fines but the bigger loss from a breach such as this is consumer trust. Prevention is always better than cure – working with partners to take a holistic view of a company, and its ecosystem, can help bolster security from the outset, giving brands and consumers peace of mind.”
Related stories
Bosses finger youngsters for data loss but are guilty too
Top brands caught with trousers down on email security
Firms warned over new wave of nefarious cyber attacks
UK firms ‘leaving themselves wide open to ransomware’
Millions of Instagram users hit by major hack attack
Data breach at games giant CeX hits 2m customers
Data breaches ‘hit shares, sales and growth for years’
20,000 Tesco Bank accounts raided in hack attack
Thousands warned ‘it could be you’ in Camelot hack
Takeaway fans hit where it hurts in Deliveroo breach
Adult site confirms 419m users have been exposed