Top European caravan club admits it was attacked — but can't confirm exactly what data on users was stolen

Representational image depecting cybersecurity protection
(Image credit: Shutterstock)

The Caravan and Motorhome Club (CAMC) has confirmed suffering a cyberattack, but is yet to definitively confirm if, and which, customer data, was stolen during the attack.

In late January, CAMC users reached out to The Register, asking the publication to assist with investigating a potential cyberattack at the company which, at the time, wasn’t communicating properly.

Soon after that, the LockBit ransomware gang added CAMC to its data leak site, claiming to have stolen 9.47 GB worth of files allegedly belonging to the firm.

"Potentially accessed"

While investigators are yet to analyze the data and confirm its authenticity, CAMC came forward with a few statements in which it wasn’t clear on the data theft part.

Apparently, it depends on whether or not users purchased different insurance policies through the website. 

Those who bought policies for Mayday breakdown insurance between 2018 and 2024 could have had their names, addresses, vehicle registration numbers, policy numbers, policy start and end dates, and membership numbers, all stolen. Those who took caravan insurance policies between 2018 and 2024 may have had their names, policy numbers, policy prices, and policy start and end dates, all taken. 

Finally, users who made claims on their Red Pennant emergency assistance in the same timeframe may have had names, addresses, birth dates, phone numbers, email addresses, policy numbers, membership numbers, vehicle registration numbers, caravan vehicle identification numbers, and information about claims made, all taken. 

"The cyber security team conducting the forensic investigation cannot confirm that any member data has been accessed, stolen, or is being used in an unauthorized manner," said Nick Lomas, director general at the CAMC. "In the spirit of transparency, we want to make you aware that the following data was held on the servers that were potentially accessed."

More from TechRadar Pro

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.