Who would have guessed it? That great institution, loved by all and sometimes the target of jokes, Butlins, has suffered a major cyber security breach. Yes, the holiday firm that you would believe is innocuous; why would anyone want to attack this organisation? Well, if you have holidayed at Butlins, your name and address, as well as other personal details, are now known to some cyber criminal. Butlins insists that its visitors' credit card information is safe, so that is one bonus from this cyber attack.
So why do companies believe that they have done their duty security-wise by securing financial data, yet leave their customers' information available to a hacker?
So what can a hacker do with your personal information? Well, expect a lot more spam in your in tray, because your email details get instantly sold on the dark web to all those people selling wonder products that put hair where you want it and melt away the pounds on your body that you do not want.
What about potential robbers knowing just when your house will be empty because you are attending a knobbly knee contest at the local Butlins?
Your personal details will be bundled up and sold to another member of the dark web. A full set goes for about $20, so selling hundreds of them is a valuable reward for a few hours' work.
Next they look for the goodies: maybe you work for the government or the military? That makes your information really valuable to someone who can use your ID for less than honest reasons.
Passwords are particularly valuable, especially as people reuse them so often. Dropbox accounts were compromised by using passwords obtained from a LinkedIn breach.
Credit card information is very valuable of course, so if you know your credentials have been stolen, check your credit card statements for strange purchases from Amazon and eBay. You might discover that you have sent valuable gifts to your “Uncle” in Romania, for example. Remember they have your login, your personal data and of course now your credit card details if you use the same email and password for all your accounts.
One more thing to worry about is that with your personal information, especially if they have your date of birth and maybe also an answer to a security question, the hacker can set up loans in your name and address. It is easy to get payday loans sent to you with the right information. The first you hear about it is an angry letter from the lender. Similarly, with your information, credit accounts with websites and catalogues can be set up. So keep an eye on your credit score, which is easy and free to do in the United Kingdom.
Of course you could also be contacted by hackers purporting to be from the hacked company, in this case Butlins. They will apologise profusely and then say they need further information to sort out your account. Be very wary of what information you give out to them, as these are opportunistic hackers.
Lastly, depending on what information is stolen, you could be on the receiving end of ransomware, a hack or a request for money from phishing emails.
All of the information that was stolen from a Butlins’ database is valuable to the cyber criminal and hacker. They either sell it on for a great profit and/or use it for malicious purposes.
So what can an organisation do to ensure that it does not have the embarrassment of losing its data, as well as losses to its customers? Well, first of all understand that ALL data is valuable, not only to the organisation but also to a cyber criminal. So secure every piece of data.
Butlins confirmed that it was a phishing attack that got access to the database. This means that a member of staff downloaded a piece of code from an email or accidentally gave away useful information. So good cyber security training for all your staff is vital. Your organisation also needs virus protection on all of its servers. Patches should be up to date and software secure. All of the network needs to be monitored on a continual basis.
If you are not able or do not want to do this yourself, and after all highly trained cyber security staff are hard to find, then talk to Gaia Technologies plc.