Payment card details might not be at risk
But someone somewhere has a list of addresses and knows when the houses will be vacant.
Holiday camp and British institution Butlin's has admitted 34,000 visitor records have been compromised. Guest names, holiday dates, postal addresses, email and telephone numbers have been exposed. Butlin's said payment card details are not at risk. The breach was the result of staff responding to a phishing email that posed …
Well if her details were compromised, I hope she'll be doing two things - making a choice to avoid the company's services in future, and writing to the CEO (Paul Flaum of Bourne Leisure?) pointing out that there are no excuses here other than incompetence, and that this incompetence has measurable financial consequences.
I'm writing to the Whitbread and Dixonscarphone's bosses with that messagr since they've both manage to spill my details recently. To add a little something to the mix, it'll be a joint letter, in order to wash their dirty laundry with one of their peer group.
Does it really matter...
Clicking on a polluted link is one level of stupid.
Going to the trouble of collating lots of personal info and blindly sending it to an organisation that, when you think about, has no actual need or right to it anyway, is bordering on the fucking criminal.
It may not "matter" as such, but I'd certainly be interested to know.
"Did some numpty actually send the personal details of 34,000 people to someone outside the company in response to a phishing email, or did they just activate some malware by clicking-on-the-link?"
‘Does it really matter?’
Well, one is a clerical error and the other is a major defect in the underlying innovation :]
Butlins has changed since the Hi-Di-Hi era, much smaller than it was and includes hotels on the sites. But just what happened? I'd distinguish between phishing and malware. 34,000 sets of booking details sounds way too big to be the result of a phishing attack pretending to be the local council. A fake email from a local council could be a vector for malware, but how plausible was the email? The scale looks like one site, so it hangs together, but I wonder how robust the system is.
Local councils could plausibly mail out regular information, such as event lists, which somebody might almost automatically open, but why would such stuff get close to the bookings database? Maybe something was sent to customers, but what?
"All breaches of personal information create a heightened risk from phishing emails and ID theft."
HAL 9000: I'm sorry Dave, but that sentence don't even parse. That would be like the the fault in the AE35 unit in the future created my psychotic breakdown in the past.
It's easy to call people numptys and other names for clicking on malware links but it's all too easily done.
IT security should be built on the assumption that humans are dumb, and will click things without thinking.
What matters now is whether or not Bourne Leisure responds properly to this, whether they can justify the data they're holding and if they take steps to prevent the same issue occuring.
> IT security should be built on the assumption that humans are dumb
IT security is built on the knowledge that law is lenient, customers have very short memories, and thus that those breaches don't really matter in the end. All right, Butlin will get frowned upon by the powers that be for a day or two, they will get a small pile of abuse mail from the victims, but does all that matter to them? Not really. What matters is the money not wasted in educating low-wage temps who will be gone before long anyway.
Its all cost benefit analysis, the cost of the training vs the added publicity of a breach and the limited likleyhood of it occuring ......
Its a shame, but untill we can get Security on a Par with Health and Saftey (CXOs are criminally liable) there will be little change from this equation. This is where GDPR didnt go far enough.
Out of all the possibilities it's strange that this is what people focus on.
Between about 8am and 7pm pretty much every house in the area will be empty unless you live in middlesbrough, and I doubt the scallies have taken up phishing over knocking a random door and asking if dave's in, to see if anyone answers the door
(Moderately offensive stereotype for which I partially apologise: I myself haven’t had the money for a foreign holiday for a few years either, but I’d rather go to visit friends than stay in the faded grandeur of a now somewhat antiquated holiday camp, sorry.)
That speedboat they won on Bullseye?
It's surprising how easily these car thefts are occurring these days. My suggestion to people would be to start using ethanol as fuel.
Makes just as much sense as what you wrote ... how is vpn (tunnel connection between two systems) gonna have any effect on the gullibility of the average staffer ?
Hi, i have reason to believe (99% confidence) that financial data was stolen in this data breach, despite the statements and reassurances made by Butlins.
Butlins did not inform the person in question, and their credit card was cloned within the past week, involving a phonecall from the bank's fraud department. This being a relatively new (few months old) activated credit card, and has only been used since activation to solely make payments to Butlins.
What can i do about this? As Butlins has clearly overlooked the situation, or has flat out lied about the severity of this data breach.
Biting the hand that feeds IT © 1998–2019