Butlin’s has suffered a data breach that has affected up to 34,000 of its customers.

A spokesperson confirmed that the compromise had taken place over the past 72 hours and was caused by a phishing email.

In a notice posted on its website, Butlin’s managing director, Dermot King, said:

“We would like to assure all our guests that your payment details are secure and have not been compromised. Your Butlin’s usernames and passwords are also secure.”

He continued:

“The data which may have been accessed includes booking reference numbers, lead guest names, holiday arrival dates, postal and email addresses and telephone numbers. Our investigations have not found any evidence of fraudulent activity related to this event, but our data security experts will continue to work around the clock and have improved a number of our security processes.”

No payment card data affected

Although it might be reassuring to some that their payment data is safe, it’s worth pointing out the damage this type of data leak can cause. I’d presume that those who booked a holiday and now have their holiday dates in the hands of an unknown third party probably won’t want to leave their homes unattended and will likely cancel their holiday.

Cancelling a holiday and requesting a refund, as well as making new arrangements, is probably far more difficult than calling up your bank and cancelling your debit/credit card.

Greatest single point of weakness

Jocelyn Paulley, at law firm Gowling WLG, said: “This breach was the result of a phishing email, demonstrating the crucial need to train staff so they can recognise increasingly sophisticated communications that purport to be genuine”, adding that human error was the “greatest single point of weakness” in organisations’ security.

Staff awareness training should be the primary defence strategy against phishing attacks. No matter what technological defences you have in place, malicious emails will slip through, and when that happens, the only thing standing between cyber criminals and your organisation’s sensitive information is your employees’ ability to spot the scam.

Our Phishing Staff Awareness Course shows you and your employees exactly what to do in that situation. We break down how phishing emails work, how to spot them, what you should do when you receive one and what happens when people fall victim.

In addition, you can promote security awareness among employees by placing thought-provoking posters in key locations around your office to serve as a constant reminder. These posters featured in a recent #ThinkingSecurity video.