Latest sport at UK's famous holiday camps - not fishing but phishing
- Butlin's loses 34,000 customer records to phishing expedition
- Ho-Di-Ho. Redcoats left red-faced by cyber attack
- Staff responded to an email purportedly sent by a local council
- Security awareness training required as a matter of urgency
Butlin's, a household name in the UK, is a chain of large holiday camps. So well known are they that they are usually described as either "national treasures" or "institutions" (but in that latter case, not necessarily in a good way). In terms of the accommodation and other facilities available, Butlin's has modernised and moved with the times, but it looks as though the security of its computer systems and processes hasn't kept pace.
The company has reported that a phishing attack resulted in 34,000 visitor records being compromised. Given the massive scale of some cyber attacks, it might at first glance seem that the raid is small stuff and of minimal importance in the great scheme of things. However, the breaching of Butlin's security is serious because the data stolen includes the dates of the periods when families will be staying at one of the camps. Holidays at Butlin's are usually of a week's or two weeks' duration, and if knaves, thieves and vagabonds can find out when properties are left empty it'll be a burglary bonanza. Hence the kerfuffle.
Once it was realised that the security breach had occurred, Butlin's moved quickly to try to minimise potential damage - both to customers' properties and the company's reputation. Thus Butlin's quickly reported itself to the UK's Office of the Information Commissioner (ICO) and set up an in-house task-force to contact every booked guest and advise them of the cyber-attack, what is being done about it and what customers should do to protect themselves from possible repercussions. It has also set up a dedicated web-page providing holiday makers with information and some of the details of the "unauthorised 3rd-person" incursion.
The data compromised by the phishing expedition are guest names, booking reference numbers, the dates of the holidays, postal addresses, email addresses and both mobile and fixed line telephone numbers. However, Butlin's insists that financial details are secure, that none were accessed in the attack and that no credit card or other banking details of customers have been compromised.
In a statement, Dermot King, the managing director of the company, said, "Butlin’s take the security of our guest data very seriously and have improved a number of our security processes. I would like to apologise for any upset or inconvenience this incident might cause." He added, "We cannot be definitive at the moment with regard to whether all data was hacked."
It seems that the hackers took the simplest, easiest and lowest-tech route through Butlin's security. It came via a phishing attack in an email purporting to come from the offices of a local municipality. It was opened and responded to, all unwittingly, by Butlin's clerical staff.
It was a bad mistake and surely must be prima facie evidence that the company needs to look closely at its in-office systems and processes and forthwith to provide some security awareness training.
That said, the company is to be applauded for the measured, sensible way in which it has dealt with the crisis. Butlin's did everything by the book: reporting itself to the ICO, quickly issuing a factual, public notification, setting up a task-force to deal with those customers who may be affected by the breach and, all-in-all, being in full compliance with Europe's new GDPR regulations. A textbook case of how to do it that other big organisations (including many in the telecoms sector) would do well to emulate.
Holiday camps back in favour: from austerity to austerity
Butlin's holiday camps occupy a unique place in British popular culture. They were founded in 1936 by the irrepressible Billy Butlin to provide affordable holidays for ordinary British families. Ten camps were built between 1936 and 1966 - including one in Ireland and another in the far more exotic location of the Bahamas.
Butlin's also had a very direct connection with the UK's telecoms infrastructure. When London's 'Post Office Tower' (as it was then called) was opened in 1965, Butlin's was the first company to gain a lease to run the "Top of the Tower" restaurant that revolved slowly some 600 feet above the streets of Fitzrovia. In its heyday the restaurant served 800 lunches and 1,300 dinners a day.
In the days of rationing and austerity that the British suffered in the years after winning the Second World War (the last goods to come off rationing were sweets, sugar and chocolate in 1954, nine years after hostilities in Europe were concluded), Butlin's holiday camps were immensely popular.
They offered holiday accommodation, all food, baby-sitting, cheap beer, bingo and round-the-clock entertainment for the price of a week's pay. Between the 1950s and the early 1970s millions of people flocked to Butlin's until the first package tours to the warmer climes of the Mediterranean put the company into long-term decline.
Now there are just three Butlin's camps left but they are enjoying a new lease of life driven by another period of politically imposed austerity in the UK that has been going on for eight years and shows no signs of ending. Add to that the strength of the Euro versus the Pound (they will be close to parity when Brexit takes effect) and the vile conditions that travellers must now routinely endure at overburdened, overpriced airports and Butlin's looks set for a long renaissance.
The Redcoats, Butlin's famous frontline team in terms of interaction with camp guests, will continue to provide the cheery 'end-of-the-pier' style entertainment as they have been doing for the past 82 years, acting as hosts and organising daily activities for the holiday makers. Perhaps even the "Glamorous Grannies" and "Knobbly Knees" competitions of yore will again claim a place of honour in the Butlin's pantheon of fun-filled family frolics. Best not to mention phishing though.