Data Incident

9 August 2018

Letter from Dermot King, Butlin’s Managing Director.

I am writing to let you know there’s been an attempt to access some of our guest data by an un-authorised 3rd party.

Your payment details are safe

We would like to assure all our guests that your payment details are secure and have not been compromised. Your Butlin’s usernames and passwords are also secure.

We’re investigating this thoroughly

The data which may have been accessed includes booking reference numbers, lead guest names, holiday arrival dates, postal and email addresses and telephone numbers. Our investigations have not found any evidence of fraudulent activity related to this event, but our data security experts will continue to work around the clock and have improved a number of our security processes.

We have reported this incident to the Information Commissioners Office and are putting more measures in place to reduce the risk of something like this happening again.

What happens next

We are contacting all guests who may be affected by this incident. If you have not heard directly from Butlin’s via email, post or phone by the end of Monday 13 August this issue does not affect you. The best way to contact us in the meantime is to email our dedicated team dataenquiries@butlins.com

I’m sincerely sorry this has happened and can assure you we are doing everything we can to minimise the risk of something like this happening again.

Dermot King

Butlin’s Managing Director


I thought you might have some questions…

What’s happened?

We have discovered there has been an attempt to access some of our guest data by an un-authorised 3rd party.

Are my payment details safe?

Yes. We would like to assure all our guests that their payment details are secure and have not been compromised. Guest usernames and passwords are also secure.

How did this happen?

It was the result of a phishing attack via an unauthorised email.

What data has been accessed?

The data which may have been accessed includes up to 34,000 booking reference numbers, lead guest names, holiday arrival dates, postal and email addresses and telephone numbers.

What’s happening now?

We have reported this incident to the Information Commissioners Office and are putting more measures in place to reduce the risk of something like this happening again.

Have my username and password details been compromised?

No.

Do I need to do anything or contact anyone?

If you have not heard directly from Butlin’s via email, post or phone by the end of Monday 13 August this issue does not affect you. Our phone lines are likely to be busy so please be patient if you are trying to call us. It’s better to email us at dataenquiries@butlins.com where we have a dedicated team ready to answer your questions.

Where can more information about staying safe online?

If you are at all concerned about data security, please take a look at the following helpful websites

www.cyberaware.gov.uk/

www.actionfraud.police.uk/support-and-prevention/protect-yourself-from-fraud

www.getsafeonline.org/