Up to 34,000 guests may have had their information stolen as a result of a phishing attack against Butlins. No financial details were compromised during the attack, but this information does consist of names, home addresses, holiday arrival dates, email addresses and telephone numbers.
The cause of the data breach was solely down to a phishing attack against Butlins. A recent article by IT Governance state that “No matter what technological defences you have in place, malicious emails will slip through” and further explain that “it is your employees’ responsibility to spot the scam”. The result of this data breach shows just how important staff training surrounding Cyber Security is, and how expensive or damaging neglect of this training can be.
While the phishing attack against Butlins did not reveal any financial information, the most important data contained within this breach is the victim’s home address and arrival date. Both of these pieces of information can be paired together to determine how long they have been staying away on holiday and if they are likely to return home soon, ultimately increasing the risk of a burglary while they are away. This is another example of how data, regardless of its overall importance, can be used maliciously and can have serious consequences on the victims.
Butlin’s have reported the data breach to the Information Commissioner’s Office who are exploring the attack in more detail. Butlin’s managing director, Dermot King, has expressed his apologies for the inconvenience it may have caused.
borwell advise that all companies should take a serious approach toward Cyber Security and ensure that adequate processes are in place to prevent attacks like these from happening. Ensure that you take the time to train your staff regarding Cyber Security awareness and have effective procedures in place to handle security.