PANTO-STYLE HOLIDAY CAMP COMPANY Butlin’s has admitted to a data breach that saw an “unauthorised third party” make off with customer data.
While no payment details or user passwords have been compromised, Butlin’s buoyantly announced that the booking reference numbers, lead guest names, holiday arrival dates, postal and email addresses and telephone numbers of 34,000 customers may have been accessed.
The incident was the result of a phishing attack via an unauthorised email, the company admitted, meaning this hack was entirely chaletmaid.
Butlin’s managing director Dermot King said in a statement: “Butlin’s take the security of our guest data very seriously and have improved a number of our security processes.
“I would like to apologise for any upset or inconvenience this incident might cause. A dedicated team has been set up to contact all guests who may be affected directly. I would like to personally reassure guests that no financial data has been compromised.
“Guests who may have been affected are being contacted directly by Butlin’s to let them know what’s happened, what they should do and what is being done to resolve the situation.”
Butlin’s says it will be contacting all guests who may have been affected by the incident by the end of 13 August.
The company has also reported the incident to the Information Commissioner’s Office and says it will be “putting more measures in place to reduce the risk of something like this happening again.”
News of the Butlin’s data breach comes just days after nerd watercooler Reddit fessed up to a breach that saw hackers make off with some users’ current email addresses and a database containing older accounts.
The data breach took place between 14 June and 18 June, when as-yet-unknown culprits accessed employee accounts through an SMS intercept attack. µ
Source : Inquirer