Butlin’s has admitted that up to 34,000 of its customers may have been affected by a data breach. Managing Director Dermot King confirmed that Butlin’s’s database had been put at risk following “a phishing attack via an unauthorised email”.
In a notice posted on Butlin’s’s website, King said: “We would like to assure all our guests that your payment details are secure and have not been compromised. Your Butlin’s usernames and passwords are also secure. The data which may have been accessed includes booking reference numbers, lead guest names, holiday arrival dates, postal and email addresses and telephone numbers. Our investigations have not found any evidence of fraudulent activity related to this event, but our data security experts will continue to work around the clock and have improved a number of our security processes.”
No financial data compromised
Although it may be comforting to know that payment details were not compromised, this type of data breach can have wide-reaching implications. Customers may no longer wish to take their holiday and leave their homes unattended, knowing that their holiday arrival dates and postal addresses might have been compromised. Cancelling a holiday, requesting a refund and possibly making new arrangements is time-consuming and disappointing. There’s also that uneasy feeling knowing that your details are ‘out there’ and could be used in other ways.
At a company level, as well as loss of revenue through cancellations, reputational damage and loss of trust can have long-term consequences – especially for an organisation known for being family-focused. Butlin’s will need a business continuity plan to minimise the damage.
Greatest single point of weakness
This data breach might have been avoided with staff training and awareness, but phishing attacks are on the rise and are increasingly sophisticated, which makes them harder to spot – especially if people are busy and don’t really look before opening an attachment or clicking a link. So, what can be done to ensure your systems are as safe as they can be, and that you are prepared to deal with a breach?
Cyber attack preparation
To help prepare for a cyber attack, organisations should implement an ISMS (information security management system). ISO 27001 is the international standard that describes best practice for an ISMS. Achieving certification to ISO 27001 demonstrates to existing and potential customers that an organisation has defined and put in place best-practice information security measures and processes.
How vsRisk™ helps organisations prepare for ISO 27001 certification
You could invest time, effort and money in designing and deploying – or have a consultant design and deploy – a manual risk assessment methodology. Or save yourself a lot of time (80%) and money by deploying our risk assessment software tool, vsRisk, instead.
Save time and money this September with Vigilant Software
We have special offers on our software tool vsRisk: purchase the ISO 27001 ISMS Documentation Toolkit, vsRisk and one year’s support to save up to £400.
With vsRisk you can produce consistent, robust and reliable risk assessments year after year. It is fully aligned with ISO 27001 and will help you systematically identify, evaluate and analyse risks without feeling overwhelmed.
The offers are:
- vsRisk Standalone package is now only £2,040, saving £350
With this package you have access to vsRisk Standalone (single user), the ISO 27001 ISMS Documentation Toolkit and one year’s support.
- vsRisk Multi-user package is now only £3,790, saving £400
With this package you have access to vsRisk Multi-user (for up to ten users), the ISO 27001 ISMS Documentation Toolkit and one year’s support.
Theses offers are available until the end of September. The ISO 27001 ISMS Documentation Toolkit contains useful documents that can help you with policies, procedures, processes, work instructions, forms and records. It is based on real-world best practice and experience that will significantly aid implementation projects.
For further information and to sign up for a demo, please click here.