In August 2018, the company disclosed via a dedicated page on their website that they had discovered an attempt to access guest's data by an unauthorised third party after "a phishing attack via an unauthorised email". It was reported that up to 34,000 customers were affected in this breach.
The exposed data included booking reference numbers, lead guest names, holiday arrival dates, postal / email addresses and telephone numbers. The company stated they hadn't found any evidence of fraudulent activity related to this event.
The company reported the incident to the Information Commissioners Office.
Want to discuss this case? You can purchase a 30 minute conference call with our analysts to discuss this case and the implications it has for your organisation. Just select the time and date that works for you:
We've done the analysis so you can make the decisions