[BreachExchange] Hi-de-Hack! Redcoats red-faced as Butlin's holiday camp admits data breach hit 34, 000

Destry Winant destry at riskbasedsecurity.com
Mon Aug 13 08:01:13 EDT 2018


https://www.theregister.co.uk/2018/08/10/butlins_data_breach/

Updated Holiday camp and British institution Butlin's has admitted
34,000 visitor records have been compromised.

Guest names, holiday dates, postal addresses, email and telephone
numbers have been exposed. Butlin's said payment card details are not
at risk.

The breach was the result of staff responding to a phishing email that
posed as a message from the local council. All breaches of personal
information create a heightened risk from phishing emails and ID
theft. The Butlin's leak is worse than most lower-level breaches
because it reveals when home owners are likely to be away from their
properties.

The incident has been reported to the Information Commissioner's
Office. Butlin's has also begun informing affected holidaymakers,
something it promised to complete over the next three days.

Butlin's joins the long and depressing list of organisations who have
fallen victim to breaches for one reason or another. El Reg asked
Butlin's to comment on the incident but we're yet to hear back. ®

Update

The Register received a statement from Butlin's:

Butlin's can confirm that up to 34,000 of their guest records may have
been accessed by an unauthorised 3rd party.

Butlin's would like to assure their guests that all their payment
details are secure and have not been compromised.

The data which may have been accessed includes booking reference
numbers, lead guest names, holiday arrival dates, postal and email
addresses and telephone numbers.

Investigations, however, have not found any fraudulent activity
related to this event. Guests who may have been affected are being
contacted directly by Butlin's to let them know what's happened, what
they should do and what is being done to resolve the situation.

Butlin's have also reported this incident to the Information
Commissioner's Office.


More information about the BreachExchange mailing list