Important Cyber Security Message from the Director General of the Caravan & Motorhome Club
Firstly, I want to let you know that the majority of Club systems, including the website and app are back online.
Following the discovery of the cyber security incident in January, we took the decision to shut down all of our internal systems and to quarantine all outward facing systems and servers (including the website and App). Also at this time, we instigated a forensic investigation by a highly experienced cyber security team.
This paid dividends when we started the process of restoring all of our systems slowly and methodically with an abundance of caution to safeguard security.
The cyber security team has now finished the forensic investigation. The findings conclude this was a highly sophisticated attack on the Club systems and the actions that were taken to protect the Club and its members were timely and appropriate. The cyber security investigation has now confirmed that unfortunately during the cyber security incident, there was the potential for unauthorised access to servers with some member data on them.
The cyber security team conducting the forensic investigation cannot confirm that any member data has been accessed, stolen or is being used in an unauthorised manner.
In the spirit of transparency we want to make you aware that the following data was held on the servers that were potentially accessed.
Mayday Breakdown Insurance
Policies from 2018 -2024
Information held includes; Name / Address / Vehicle registration number / Policy number / Start and end date / Membership number
Caravan Insurance / Caravan Cover
Policies/Covers from 2018 -2024
Information held includes; Name / Policy number / Price / Start and end date
Red Pennant Emergency Assistance
Claims from 2018 -2024
Information held includes; Name / Address / Date of Birth / Mobile phone number / Email address / Policy number/ Membership number/ Vehicle registration number / caravan vehicle identification number (VIN/Chassis No) / Information about claims made
This Red Pennant data was of members who had a claim between 2018 and 2024 and was collected in order to handle claims. Therefore the information kept may be different for each member depending on the nature of the claim, and the individuals involved. We will be writing to affected members individually if we discover any additional personal data relating to individual members other than that mentioned above.
In the interest of data security please do not contact the Club at this time and ask about your personal data. We will be writing to any affected members individually when we are able to confirm if additional personal data was included about their claims.
Our aim is not to alarm members unnecessarily, but we believe we have a responsibility as a members’ club to share details about the incident. Our membership services team along with our cyber security advisors have helped construct some key questions and answers to help reassure you.
Questions & Answers
1. Were my Credit or Debit card details accessed?
No. Please be reassured that the Club is compliant with the global Payment Card Industry Data Security Standard (PCI DSS).
2. I paid for my membership and Caravan Cover by Direct Debit. Are my Direct Debit details in the area that was potentially accessed?
3. Were any of my future booking details accessed?
No. Your campsite booking data isn't stored in the area that was potentially accessed.
4. Were my Club passwords accessed?
No. Club passwords aren't stored in the area that was potentially accessed. It is always best practice to regularly change your passwords and as a precautionary measure, we suggest you change your email passwords and online passwords. It is advised that you use a combination of letters, numbers and symbols for new passwords, ideally more than 12 characters.
5. What do I need to do now?
Be vigilant, if you see an email, text or social media post, or if you are on a website that you think looks suspicious, don’t click any links or engage with it and delete it immediately.
This type of incident is a reminder that we must all remain vigilant to any unusual or spurious requests for personal details. Data security is of paramount importance to the Club, our members, guests and suppliers. We have taken further actions under the instruction of our cyber security experts to enhance the Club’s cyber security to help prevent this type of incident from happening again.
Potential consequences of data being used in an unauthorised manner could be phishing emails and text messages to try and extract personal information which could result in identity theft. The Club will never contact you unprompted to ask for your account details or security information, and we will never ask you to disclose your passwords.
It's important that we don't raise awareness of details of the incident to the cyber criminals and our cyber security experts have advised us not to share any further details to do with the incident on social media. We would advise you to follow the same guidance.
In order to further protect your own personal data, it is unwise to share your personal situation in forums and on social media.
We will of course continue to update the website with any additional information relevant to the cyber attack.
I would like to offer my sincere apologies for any inconvenience this has caused, and thank you for your continuing patience as we return to normality.
Please see below links to help members understand how they can best protect themselves from fraudsters and cyber criminals.