Butlin, a holiday camp firm said that the personal data of its 34000 visitors at its resort may have been stolen by the hackers.
Home addresses, holiday arrival dates, contact details and names are among the data that may have been stolen, said the company.
Dermot King, the MD of Butlin, apologized for the breach and also said that no financial details had been imperiles.
A dedicated team has been set up to contact the visitors who might have been affected.
Mr. King said, “Butlin’s take the security of our guest data very seriously and have improved a number of our security processes,” said Mr King.
He also added, “I would like to apologise for any upset or inconvenience this incident might cause.”
Butlin’s spokesman confirmed it was in the last 96 hours that the hack took place and that it was a phishing attack.
However, the firm doesn’t yet have any idea as of now that whether the information of all 34000 guests have been stolen.
“We cannot be definitive at the moment with regard to whether all data was hacked,” the spokesman told the BBC.
Butlin also added that it hasn’t yet found any evidence of the fraudulent activity related to the incident.
“This breach was the result of a phishing email, demonstrating the crucial need to train staff so they can recognise increasingly sophisticated communications that purport to be genuine,” said Jocelyn Paulley at law firm Gowling WLG.
Ms. Jocelyn Paulley said that human error was the greatest single point of weakness in a firm.
“Butlins has made us aware of an incident and we will be making enquiries.”, said by the Spokeswoman for the Information Commissioner’s Office.
Skegness in Lincolnshire, Minehead in Somerset and Bognor Regis in West Sussex are the three Butlin’s holiday camp sites.