Butlin’s has suffered a data breach that has affected up to 34,000 of its customers.
A spokesperson confirmed that the compromise had taken place over the past 72 hours and was caused by a phishing email.
In a notice posted on its website, Butlin’s managing director, Dermot King, said:
“We would like to assure all our guests that your payment details are secure and have not been compromised. Your Butlin’s usernames and passwords are also secure.”
“The data which may have been accessed includes booking reference numbers, lead guest names, holiday arrival dates, postal and email addresses and telephone numbers. Our investigations have not found any evidence of fraudulent activity related to this event, but our data security experts will continue to work around the clock and have improved a number of our security processes.”
No payment card data affected
Although it might be reassuring to some that their payment data is safe, it’s worth pointing out the damage this type of data leak can cause. I’d presume that those who booked a holiday and now have their holiday dates in the hands of an unknown third party probably won’t want to leave their homes unattended and will likely cancel their holiday.
Cancelling a holiday and requesting a refund, as well as making new arrangements, is probably far more difficult than calling up your bank and cancelling your debit/credit card.
More information on this story will be published here when it becomes available.