Europe’s largest caravan club admits wide array of personal data potentially accessed – Source: go.theregister.com

The Caravan and Motorhome Club (CAMC) and the experts it drafted to help clean up the mess caused by a January cyberattack still can’t figure out whether members’ data was stolen.

According to an update shared with members late last week and now published on its website, the CAMC listed all the different types of data that might have been accessed, and all the data that definitely wasn’t, but remained firmly on the fence as to whether any theft actually took place.

“The cyber security team conducting the forensic investigation cannot confirm that any member data has been accessed, stolen, or is being used in an unauthorized manner,” said Nick Lomas, director general at the CAMC.

“In the spirit of transparency, we want to make you aware that the following data was held on the servers that were potentially accessed.”

CAMC, which has more than a million members, offers a variety of insurance policies through its website, and those who purchase different types of coverage may be affected to different degrees.

If members took out policies for Mayday breakdown insurance between 2018 and 2024, the extent of the potential data compromise includes names, addresses, vehicle registration numbers, policy numbers, policy start and end dates, and membership numbers.

For caravan insurance policies between 2018 and 2024, members may have had their names, policy numbers, policy prices, and policy start and end dates accessed.

Members who made claims on their Red Pennant emergency assistance – breakdown cover for European trips – between 2018 and 2024 may have had a wealth of data accessed. This includes:

• Names

• Addresses

• Dates of birth

• Mobile phone number

• Email addresses

• Policy numbers

• Membership numbers

• Vehicle registration numbers

• Caravan vehicle identification number

• Information about claims made

CAMC said this information was gathered to handle claims and the amount of data collected for each claim may be different for each customer.

The organization has asked members not to make contact regarding any possible personal data security matters as it will be contacting affected members directly, should the data be eventually found to be compromised. 

“Our aim is not to alarm members unnecessarily, but we believe we have a responsibility as a members’ club to share details about the incident,” said Lomas.

In an FAQ section on its website, CAMC confirmed payment details, campsite booking details, and passwords are unaffected but “as a precautionary measure,” members are advised to update their passwords anyway.

• Mon Dieu! Nearly half the French population have data nabbed in massive breach
• Meet VexTrio, a network of 70K hijacked websites crooks use to sling malware, fraud
• Uncle Sam sweetens the pot with $15M bounty on Hive ransomware gang members
• Major IT outage at Europe’s largest caravan and RV club makes for not-so-happy campers

Members are warned to be extra watchful against phishing attacks via email or text messages, and to avoid clicking any suspicious links.

“This type of incident is a reminder that we must all remain vigilant to any unusual or spurious requests for personal details,” said Lomas. 

“Data security is of paramount importance to the Club, our members, guests, and suppliers. We have taken further actions under the instruction of our cybersecurity experts to enhance the Club’s cybersecurity to help prevent this type of incident from happening again.”

Lomas also said that the organization will no longer post updates to its social media channels about the incident, per the recommendations of the contracted third-party investigators.

“It’s important that we don’t raise awareness of details of the incident to the cybercriminals and our cybersecurity experts have advised us not to share any further details to do with the incident on social media. We would advise you to follow the same guidance.”

Any further updates will be published on its website and communicated directly to members.

“I would like to offer my sincere apologies for any inconvenience this has caused, and thank you for your continuing patience as we return to normality,” Lomas concluded.

Incident recap

Reg readers were the first to know about the issues at the CAMC after multiple members got in touch asking us to investigate.

Members were pleading with the club for days to gain assurances that their data was safe. CAMC’s comms team limited contact to social media replies that offered little insight into what was going on behind the scenes of an outage that saw its website and app pulled offline for weeks.

The online issues began on January 20 and according to recent social media posts, full website and app access was only restored on February 6.

The official line at the beginning was that investigators had been drafted in and there was no evidence to suggest member data was compromised, a stance that has since shifted to open up the possibility of data access. CAMC, however, reported itself to the UK’s data watchdog, the Information Commissioner’s Office, from the outset.

Despite the wording of the CAMC’s disclosure sounding an awful lot like ransomware, and the fact LockBit claimed the attack on its leak blog, the organization has never confirmed that the incident involved ransomware.

Without verifying the data, LockBit does have 9.47 GB worth of files allegedly belonging to the CAMC available for download on its website.

If ransomware was involved in the attack, the publication of files would generally suggest that the organization didn’t pay whatever ransom was set by the criminals. ®