Hi-de-Hack! Redcoats red-faced as Butlin's holiday camp admits data breach hit 34,000
Staff opened phishing email
Updated Holiday camp and British institution Butlin's has admitted 34,000 visitor records have been compromised.
Guest names, holiday dates, postal addresses, email and telephone numbers have been exposed. Butlin's said payment card details are not at risk.
The breach was the result of staff responding to a phishing email that posed as a message from the local council. All breaches of personal information create a heightened risk from phishing emails and ID theft. The Butlin's leak is worse than most lower-level breaches because it reveals when home owners are likely to be away from their properties.
The incident has been reported to the Information Commissioner's Office. Butlin's has also begun informing affected holidaymakers, something it promised to complete over the next three days.
Butlin's joins the long and depressing list of organisations who have fallen victim to breaches for one reason or another. El Reg asked Butlin's to comment on the incident but we're yet to hear back. ®
The Register received a statement from Butlin's:
Butlin's can confirm that up to 34,000 of their guest records may have been accessed by an unauthorised 3rd party.
Butlin's would like to assure their guests that all their payment details are secure and have not been compromised.
The data which may have been accessed includes booking reference numbers, lead guest names, holiday arrival dates, postal and email addresses and telephone numbers.
Investigations, however, have not found any fraudulent activity related to this event. Guests who may have been affected are being contacted directly by Butlin's to let them know what's happened, what they should do and what is being done to resolve the situation.
Butlin's have also reported this incident to the Information Commissioner's Office.