The Caravan and Motorhome Club website outage has been put down to a suspected cyberattack, the club’s director general has said.
Members have reported widespread IT outages for the past five days.
The company has notified the UK’s Information Commissioner’s Office (ICO) to its situation, suggesting it has suffered a meaningful data security incident.
UK organizations must notify the ICO within 72 hours if they suffer a breach that’s likely to risk people’s rights and freedoms.
The data watchdog confirmed to us today that it’s investigating based on the information provided to it.
The Caravan and Motorhome Club’s network of 2,200 independently owned Certificated Locations (CLs) are reported to be unaffected by the cyber incident.
The club’s problems reportedly began on January 20 when its website and mobile app originally went down “for maintenance” but have since refreshed to communicate that external teams are involved in bringing its systems back to working order.
Caravan and Motorhome Club members have this week been criticising the club for its lack of communication about the on-going incident.
The investigation remains ongoing into whether there was any unauthorized access to systems or data theft
In a statement released today (January 25) by the club director general, Nick Lomas said: “I wanted to apologise that you have not been able to access any of our digital channels or speak to our contact centre over the past few days.
“On Saturday 20 January 2024 we were informed by leading forensic experts that the Club has been the victim of a cyber security incident.
“Once the incident was detected, we immediately deployed best practice response protocols and containment measures, including taking all systems offline and implementing enhanced monitoring technology.
“By taking swift action we greatly minimised the effects of this cyber security attack.
“The same day we notified the Information Commissioner’s Office (ICO); a standard procedure in these incidents.
“Advice from our cyber security experts was to not raise public awareness of the incident and to allow their forensic team to carry out the necessary investigation to understand what systems (if any) may have been accessed.
“We understand the lack of communications will have been frustrating for members but we have followed advised procedures in order to safeguard members until the full facts were known and to help avoid any potential further issues.
“Our internal and external specialist teams are working around the clock to understand the extent of this incident.
“We are working to establish whether there was any unauthorised access or exfiltration of members’ data.
“However, we believe the correct thing to do now is to notify you of the incident.
“We will of course alert individual members as soon as possible if any breach of member data is established.
“At this time we are working with our IT partners, with an abundance of caution, while in the process of restoring all of our systems slowly, methodically and carefully to safeguard security.
“This type of incident is a reminder that we must all remain vigilant to any unusual or spurious requests for personal details.
“Please note that we will never contact you unprompted to ask for your account details or security information, and we will never ask you to disclose your passwords.
“Data security is of paramount importance, to us, our members, guests and suppliers.
“I would like to offer our most sincere apologies for the inconvenience this has caused.
“Your Club teams are working in tandem with our dedicated and expert partners to understand better the details of this incident and to restore the Club systems.”