Caravan and Motorhome Club's website down!

[cyberyacht]

The CAMC IT has been rubbish for years. If its finally dead, it's probably done it a kindness.

 

[GerTee]

CAMC have changed their holding page which now says "We would also like to thank and recognise our partners and external teams of specialists who are working around the clock to help bring our systems back online."

Hacked or ransomware methinks.

 

[scoge]

More here from yesterday.......

Caravan and Motorhome Club's website down!

Has the Caravan Club gone undercover? Note on screen over weekend said they were working on website. Today screen is just blank.

www.motorhomefun.co.uk

Missed that thread, so sorry for duplication

 

[Gellyneck]

2nd hand but understand the Club has sent a text (from where?) to all members who are insured with them advising a dedicated phone number to make a claim. I thought this was managed by a 3rd party but are they impacted as well?

What about those with breakdown cover? Are they stuffed, as well?

 

[Gellyneck]

C&MC response from another website
+++++
Unfortunately we are experiencing technical issues which are affecting our systems and our IS team are working hard to get everything back up and running. Our technical teams are still investigating the source of the issue and we have been advised there is no evidence that member data was compromised. Please rest assured we are working hard to get everything back up and running as quickly as possible, so do keep an eye on the website for any further updates
+++++

^{_{Subscribers  do not see these advertisements}}

 

[hja]

Now described as a Systems Outage on web site.

 

[BillandHelen]

2nd hand but understand the Club has sent a text (from where?) to all members who are insured with them advising a dedicated phone number to make a claim.

Just renewed my Motorhome insurance with them this afternoon, usual phone number and they had full system access, think it’s Devitt system not CAMC.
No text received re claims.
Also just booked into Melrose for a couple of nights later this week, phoned site direct, booked no problem.
Warden said it’s mayhem at HQ as they try and get the systems back up, as an ex bank COO they have my sympathies, though why their backup system didn’t work will be another question.

 

[Spriddler]

Missed that thread, so sorry for duplication

No problem. I only added it to your thread because it saves fragmenting the topic and it has replies from others who may not post again.

 

[Gromett]

though why their backup system didn’t work will be another question.

Their backup system might be working. I just had to restore a clients site 3 or 4 days ago due to a hardware failure.
He had 104TB of data to restore. It took 10 hours for the data to be transferred from the backup system to the new system.
Then it took another 8 hours for the database data to be imported. All told he was down for a little over 36 hours.
The initial response was, what has gone wrong, took a while for onsite techs to realise the hardware was defunct.
They (the hosting company) then didn't have the necessary spares in stock.
So he was told he would either have to wait for new parts to arrive OR he could have a new server and some credit.
He took the new server.

He is now considering having redundant database servers up and running on separate hardware. I suspect at CAMC scale they already do this.
however, if their database got corrupted and this corruption was propagated to the redundant hardware then a full restore may have been necessary.
Just hope they had transaction logging/journalling turned on.

To be honest. CAMC contract may not have weekend covered for their IT staff for a major incident. So start from Monday, if this a major failure.
Then restoring a full big system like theirs may not be a simple 1 or 2 day process.

The above are just guesses based on my experience of running a disaster recovery service for my clients. Mine is extremely small scale and does not have all the latest bells and whistles and we do not host it on the same network or even the same provider.
CAMC should have 2 levels of backup. A local one for fast recovery. A full offsite, offline isolated backup hosted by a different company which would always take l long time to restore from but could survive anything short of a nuclear war.

 

[Gellyneck]

Just renewed my Motorhome insurance with them this afternoon, usual phone number and they had full system access, think it’s Devitt system not CAMC.
No text received re claims.

That's what was confusing me as I knew it was a 3rd party (we've previously been insured with them).

Also just booked into Melrose for a couple of nights later this week, phoned site direct, booked no problem.
Warden said it’s mayhem at HQ as they try and get the systems back up, as an ex bank COO they have my sympathies, though why their backup system didn’t work will be another question.

Yip Judith at Melrose has been tearing her hair out!

^{_{Subscribers  do not see these advertisements}}

 

[Wanders from Glos]

I wonder if it is a ransomware attack.

My thoughts too.

 

[maison]

I have been trying to contact them by ’phone,e-Mail and via their website as £150 of vouchers for my daughter’s birthday have gone astray somewhere.

No way to contact them at present.

 

[Gromett]

It’s a bit of a concern if there is any security breach as they now hold card details for automatic balance payments the day of arrival.

They won't hold card details. The PCI/DSS requirements have ramped up to stupid levels in recent years. Very few companies will even risk holding client card details unless they are suicidal and don't want business insurance.

I thought it was WorldPay that held it on their behalf, even so it's still worrying .

I don't know the company they use, but you are correct it will be someone like WorldPay that does it for them

BUT, This is not what is causing the issues. If it was a payment issue you would still be able to book just not pay.

The level of CAMC IT expertise is seriously lacking, demonstrated after the recent new website launch. I hoped it’s not been hacked, but wouldn’t be surprised. In which case if there’s been a data breach they need to make an official statement and report themselves to the relevant authorities ASAP.

They do not need IT expertise. They need campsite expertise. These days no company of their size or smaller should be doing their own IT. The security and stability requirements just too high for such a non core activity.
I suspect they have an "IT" contract and something has gone wrong and they are being pushed from pillar to post. I suspect the new site was developed and hosted under a single contract and they are unwilling at this stage to throw the contractor under the bus until they are sorted. But I suspect at contract renewal time the current company will not be in the running.

 

[Wanders from Glos]

I would say the user interface part of their IT is only average but can see its a matter of opinion. The back end seems fine.

Regardless, their communication is often poor. It would not be difficult to put an explanation on the holding page we currently see with either a warning customer data may be compromised, or reassurance that it is not. Equally they could get a message to this site and the Motorhome magazine sites with similar information. That would either allow people to stop worrying or change passwords elsewhere which they may have unwisely replicated. Let’s face it most people do this.

Finally some sort of holding message is in their own best interests, it would help to damp down some of the wilder speculation.

 

[nicholsong]

I would say the user interface part of their IT is only average but can see its a matter of opinion. The back end seems fine.

Regardless, their communication is often poor. It would not be difficult to put an explanation on the holding page we currently see with either a warning customer data may be compromised, or reassurance that it is not. Equally they could get a message to this site and the Motorhome magazine sites with similar information. That would either allow people to stop worrying or change passwords elsewhere which they may have unwisely replicated. Let’s face it most people do this.

Finally some sort of holding message is in their own best interests, it would help to damp down some of the wilder speculation.

What? Treat the Members as Members of a mutual club? What next?

^{_{Subscribers  do not see these advertisements}}

 

[herald_400rl]

Regardless, their communication is often poor. It would not be difficult to put an explanation on the holding page we currently see with either a warning customer data may be compromised, or reassurance that it is not. Equally they could get a message to this site and the Motorhome magazine sites with similar information.

Likely they do not know the impact yet and so can't say either way. If we had a ransomware incident it would be weeks until we were sure. We would need to comb logs of all the different systems and tools we have to see if we had suffered a simple cryptographic ransomware attack or if they had also exfiltrated data and this would cause bigger issues.
But yes, some indication of what's going on wouldn't go amiss.

 

[EuroTrotters]

probably the same standard of IT that Brittany Ferries employ

 

[Otter Spotter]

All right, own up, which Funster did this ? Who has the skills on here to hack their system? and I say ‘systems with my tongue firmly in my cheek

 

[f6c]

The plot thickens!

 

[sueandjohn]

My gues is cyber attack

^{_{Subscribers  do not see these advertisements}}

 

[Gellyneck]

But I suspect at contract renewal time the current company will not be in the running.

Can you get up off your butt and get up to the front of the queue, pretty please!!!!!

 

[seasideBill]

What a bloody shambles!

 

[Arnside037]

I doubt whether the CMHC has even asked them selves the question, ^What do we do if were subject to a ransomware attack. Do we have a plan in place?^
I suspect that the answer is no in both cases.

 

[Otter Spotter]

I doubt whether the CMHC has even asked them selves the question, ^What do we do if were subject to a ransomware attack. Do we have a plan in place?^
I suspect that the answer is no in both cases.

Their accountants will have asked them but the CAMC are so arrogant and dismissive that their reply would likely be ‘We are fine we are invincible’

 

[Jim]

At last some communication from CAMC on X. Not many kind wishes in the responses though

^{_{Subscribers  do not see these advertisements}}

 

[chaser]

Why don't you all just cancel your direct debit or whatever you use to pay them, and get out and find other places with less hassle and money.
Just ask yourselves what you need them for.

 

[seasideBill]

I’m not sure how many CAMC ‘Club Together’ forum members post here any more, but those that do will know it’s suffered with IT problems for (literally) years. As regular as clockwork members were complaining and reporting problems in the vain hope that somebody in CAMC might listen and fix it. Usually there was no response let alone solution. The current problems will all be part of the same arrogant and dismissive approach to members.

 

[starquake]

Their backup system might be working. I just had to restore a clients site 3 or 4 days ago due to a hardware failure.

My part of the IT world for consulting is IT security -> and I can say having ran a few Incident Responses on a major hack investigation, this also could look exactly like the symptoms CAMC are suffering.

Priority one is to find out "How they got in", then "What they got access to", "fix the problem and any similar problems in the codebase", recover database from tape (happens in parallel to previous step) and finally recover access to customers.
If it was a SQL injection type attack (still as common as in 2001) stopping access to the website allows the entry point to be discovered. Reason I mention this Gromett is becuase a SQL injection type attack could also wipe all data -> sometimes attackers use a join in SQL that can delete data in extreme circumstances.

This then adds a recovery stage to stage 3 to enable the actual corrupt data (all columns become true, false, 1 or 0 typically in many cases these days) to be recovered from their offsite backups, which I agree with gromett takes an age on a several Tb system (mostly becuase index's have to be recomputed to enable the website to perform).

But this pretty much matches the timeline and IR plan on one I was involved with by a (namelesss) UK based insurer client 10 ish years ago. SQL injection is still very very common and attackers methods to leverage them are entire books of content these days, as you usually also have to bypass a web-application firewall or similar out of app defence now.

 

[robnchris]

The clubs facebook page is has lots of comments re the situation, though typical of a controlling club most have been taken down, a lot of unhappy members out there that can't make use of the clubs facilities either booking a pitch or cancelling one.
All in in all an abysmal performance by the clubs management team who have made no updates apart from the "Unfortunately we are experiencing technical issues"

 

[sparkyvanman]

We rang them on Monday to book a ferry , they told us all systems down hope to be back at the end of the week .

^{_{Subscribers  do not see these advertisements}}