Major IT outage at Europe's largest caravan and RV club makes for not-so-happy campers
1 million members still searching for answers as IT issues floor primary digital services
Updated The UK's Caravan and Motorhome Club (CAMC) is battling a suspected cyberattack with members reporting widespread IT outages for the past five days.
The company, which describes itself as "Europe's biggest touring community, helping caravanners, motorhomers and campers access over 3,000 stunning locations in the UK and Europe", has alerted the UK's Information Commissioner's Office (ICO) to its situation, suggesting it has suffered a meaningful data security incident.
UK organizations must notify the ICO within 72 hours if they suffer a breach that's likely to risk people's rights and freedoms. The data watchdog confirmed to us today that it's investigating based on the information provided to it.
CAMC's issues reportedly began on January 20 when its website and mobile app originally went down "for maintenance" but have since refreshed to communicate that external teams are involved in bringing its systems back to working order.
Multiple CAMC members approached The Register to complain about the outages, which according to their accounts have caused near-total digital disruption at the company that represents 1 million members.
One member said they've been unable to book a March holiday over the phone due to the disruptions with booking systems. When asked whether the disruption was caused by a cyberattack, or if member data had been compromised, customer service staff were said to be unaware of the specifics.
Others expressed concern over the possibility that data indicating when they'd be on holiday, coupled with their home addresses, could have been leaked.
Over on Facebook, one techie complained: "After 25 years in IT the only way to have people's understanding and patience is to keep them informed. Posting the same status reworded does nothing to settle the users. Much easier to say we accidently applied an update or a resource deleted a database..."
Members have also expressed annoyance with the CAMC for not communicating directly with members over email or phone.
"Oh dear, I wonder if it's [a] ransomware-related security breach," one member jibed on social media today, echoing similar posts. "Certainly think members are entitled to know more about the nature of the problem and any data compromise or leakage. It's been too long an outage without any real update."
- The price of freedom turned out to be an afternoon of tech panic
- Sounds like the black helicopters have come for us. Oh, just another swarm of FAA-approved Amazon delivery drones
- Mirror mirror on sea wall, spot those airships, make Kaiser bawl
- Cybercrooks book a stay in hotel email inboxes to trick staff into spilling credentials
Official comms related to the incident have come via the CAMC's social media channels, with the most recent line being repeated to angry members: "Our technical teams are still investigating the source of the issue, we have been advised there is no evidence that member data was compromised."
Reading between the lines, the fact that the CAMC specified no member data was affected, combined with the fact it reported itself to the ICO, suggests that other data could have been compromised.
While the CAMC has thus far avoided using the dreaded C word, cases involving widespread service outages that affect multiple platforms, and ones that require outside experts to restore access to systems, often eventually result in a cyberattack being blamed.
The incident could feasibly be explained by other possibilities too, although in cases where cybercriminals aren't involved, we would expect the company to quickly explain that to be the case.
The CAMC has not responded to our contact attempts, and neither has the National Crime Agency (NCA), which is often called upon to deal with cybersecurity incidents in the UK.
The CAMC's website currently reads: "We sincerely apologize that members and guests are still unable to access any of our digital channels.
"Our partners and external teams of specialists are working hard to help bring our systems back online.
"We would ask for your continued support and patience and again offer our apologies for any inconvenience this is causing."
While phone systems are back offline after a brief outage at the start of the affair, members have been asked to avoid calling "unless it's an urgent matter," a customer support message read on its Facebook page.
Judging by social media posts made by the CAMC's subsidiaries, it appears the outage is contained to the CAMC only, as bookings are still being taken over the phone, online, and via email at multiple partnered travel businesses. ®
Updated at 1433 UTC on January 25 to add
An update shared by CAMC director general Nick Lomas today confirmed the organization's six-day outage was indeed caused by a cyberattack, with outside experts drafted in to help recover and restore systems after initially being taken down.
Lomas apologized to members about the lack of communication that caused panic among some members who were fearful of the safety of their personal data, explaining the CAMC was simply following advice from outside experts.
The investigation remains ongoing into whether there was any unauthorized access to systems or data theft, the club said.