Important Cyber Security Message from the Director General of the Caravan & Motorhome Club
29/02/2024
We wanted to let you know that the forensic investigation following the cyber attack in January has now been finalised. Following an extensive internal review, we now have greater clarity of the type of data that was accessed and the volume of members potentially affected.
A lesser quantity of data was accessed than the initial report suggested. There is no evidence to suggest that phone numbers or email address data for members and guests were accessed.
However, some data was accessed. For ease of reference, the list of data has been broken down into two categories below:
Caravan Insurance / Caravan Cover
Policies/Covers from 2018 - 2024
Name / Policy number
Red Pennant Emergency Assistance
Data from 2021 - 2023
Name / Address / Policy number / Start and end date of policy / Vehicle Registration / Monthly Premium paid for 2023 / Passenger name for transport bookings
It is very important to us that we present members with information and updates as soon as we are able to. We would again like to thank you for your support and patience while the Club’s teams and external partners managed this situation.
Our membership services team along with our cyber security advisors have helped construct some key questions and answers to help reassure you.
Questions & Answers
-
Were my Credit or Debit card details accessed?
No. Please be reassured that the Club is compliant with the global Payment Card Industry Data Security Standard (PCI DSS).
-
Were my Direct Debit details accessed?
No.
-
Were any of my future booking details accessed?
No. Your campsite booking data isn't stored in the area that was potentially accessed.
-
Were my Club passwords accessed?
No. Club passwords aren't stored in the area that was potentially accessed. It is always best practice to regularly change your passwords and as a precautionary measure, we suggest you change your email passwords and online passwords. It is advised that you use a combination of letters, numbers and symbols for new passwords, ideally more than 12 characters.
-
What do I need to do now?
Be vigilant, if you see an email, text or social media post, or if you are on a website that you think looks suspicious, don’t click any links or engage with it and delete it immediately.
This type of incident is a reminder that we must all remain vigilant to any unusual or spurious requests for personal details. Data security is of paramount importance to the Club, our members, guests and suppliers. We have taken further actions under the instruction of our cyber security experts to enhance the Club’s cyber security to help prevent this type of incident from happening again.
Important
Potential consequences of data being used in an unauthorised manner could be phishing emails and text messages to try and extract personal information which could result in identity theft. The Club will never contact you unprompted to ask for your account details or security information, and we will never ask you to disclose your passwords.
It's important that we don't raise awareness of details of the incident to the cyber criminals and our cyber security experts have advised us not to share any further details to do with the incident on social media. We would advise you to follow the same guidance.
In order to further protect your own personal data, it is unwise to share your personal situation in forums and on social media.
I would like to offer my sincere apologies for any inconvenience this has caused and thank you for your support and patience while we brought Club systems back online.
Kind regards
Nick Lomas
Director General
Useful information
Please see below links to help members understand how they can best protect themselves from fraudsters and cyber criminals.
You’ll find lots of useful information and top tips on how to stay safe online on these links: National Cyber Security Centre, Action Fraud, Get Safe Online and Stop Scams UK.