Caravan and Motorhome Club's website down!

They've now started sending out "individual" emails.
+++++
I wanted to write to you personally to apologise that you have not been able to access any of our digital channels or speak to our contact centre over the past few days.

On Saturday 20 January 2024 we were informed by leading forensic experts that the Club has been the victim of a cyber security incident. Once the incident was detected, we immediately deployed best practice response protocols and containment measures, including taking all systems offline and implementing enhanced monitoring technology. By taking swift action we greatly minimised the effects of this cyber security attack.

The same day we notified the Information Commissioner’s Office (ICO); a standard procedure in these incidents.

Advice from our cyber security experts was to not raise public awareness of the incident and to allow their forensic team to carry out the necessary investigation to understand what systems (if any) may have been accessed.

We understand the lack of communications will have been frustrating for members but we have followed advised procedures in order to safeguard members until the full facts were known and to help avoid any potential further issues.

Our internal and external specialist teams are working around the clock to understand the extent of this incident. We are working to establish whether there was any unauthorised access or exfiltration of members’ data. However, we believe the correct thing to do now is to notify you of the incident.

We will of course alert individual members as soon as possible if any breach of member data is established.

At this time we are working with our IT partners, with an abundance of caution, while in the process of restoring all of our systems slowly, methodically and carefully to safeguard security.

This type of incident is a reminder that we must all remain vigilant to any unusual or spurious requests for personal details. Please note that we will never contact you unprompted to ask for your account details or security information, and we will never ask you to disclose your passwords. Data security is of paramount importance, to us, our members, guests and suppliers.

It is always best practice to regularly change your passwords and as a precautionary measure, we suggest you change your email password and any online passwords. It is advised that you use a combination of letters, numbers and symbols. If you see an email, text or social media post, or if you are on a website that you think looks suspicious, don’t click any links or engage with it.

I would like to offer our most sincere apologies for the inconvenience this has caused. Your Club teams are working in tandem with our dedicated and expert partners to understand better the details of this incident and to restore the Club systems.

We greatly appreciate the many comments of support and understanding that members have expressed.

Below are a number of links to useful cyber security websites and a list of frequently asked questions that we feel may be of use to members during this period. As and when we have more information we will be communicating with members directly.

Kind regards

Nick Lomas
Director General
Caravan & Motorhome Club


Useful information
Please see below links on how to stay safe online.

You’ll find lots of useful information and top tips on how to stay safe online on these links: National Cyber Security Centre, Action Fraud, Get Safe Online and Stop Scams UK.

Frequently Asked Questions

Do hackers have my personal details?
We are working to establish whether there was any unauthorised access or exfiltration of members’ data.

When will you know if my personal data has been taken?
The forensic team have estimated that they will have completed their investigation in the coming days.

What will happen if you discover my personal data has been taken?
We will of course alert individual members as soon as possible if any breach of member data is established.

What do I need to do now?
Be vigilant, if you see an email, text or social media post, or if you are on a website that you think looks suspicious, don’t click any links or engage with it and delete it immediately.

Do I need to change my passwords?
It is always best practice to regularly change your passwords and as a precautionary measure, we suggest you change your email and online passwords. It is advised that you use a combination of letters, numbers and symbols for new passwords.

What is the Club doing?
We are working with cyber security experts to understand the extent of the incident and to carefully restore our systems.

Are the UK Club Campsites affected?
The winter UK Club Campsites have remained open throughout the incident.
+++++
Does that mean I need to change the hundreds of online passwords I have?
 
Just got this.

EDIT: Just seen it's also on the other thread.


 
They've now started sending out "individual" emails.
Does that mean I need to change the hundreds of online passwords I have?
Yep... just got mine!!
 
Just got this.


Me too!!
 
Same message is now the home page for website!
Better late than never! :RollEyes:
 
I'm just wondering whether I prompted them, probably not, but you never know. I posted this on LinkedIn early this morning and then tagged them.

The Power of Communication in Crisis

In the digital age, where connectivity and immediacy are the norms, the silence from a service provider during a crisis can be deafening. An ongoing situation for a major UK caravan and motorhome club sees them experiencing an extended website downtime.

However with only minimal, vague updates provided, members are left in a whirlwind of speculation and concern, especially regarding the security of their private information.

This scenario underscores a crucial lesson for all of us: In times of uncertainty, transparent and consistent communication with your community isn't just beneficial--it's essential. Silence can fuel speculation, worry, and frustration, eroding trust even among the most loyal members.

At Motorhomefun, we believe in the strength of our community and the power of open dialogue with our membership. Whether it's a moment of celebration or a time of challenge, we're committed to keeping the lines of communication wide open with our members.


 
They suggest you change your password on other sites if it is the same as the password on CAMC. Sadly many people use the same password on multiple sites.
Luckily I use different passwords.
 
Their new method of payment is card for deposit, retain details to take the balance on the morning of arrival. Payment via the office on arrival is discouraged.

Edit: cleared up by starquake above. Thanks
They won't, based on my actual use of the system - the people that DO hold it are Worldpay, and CAMC just hold a transaction reference to ask them to bill the remainder. That's based on my last payments for both a site and their clubfest event. Once the payment completes, the link between that transaction and CAMC is wiped so they can no longer bill you.
You can usually also ask Worldpay to keep the number for future transactions, "storing your card on CAMC" -> but that doesn't actually do what you would think, it stores a unique-to-CAMC reference for your card on their systems rather than the card itself... the only one able to use that reference being CAMC themselves (as it can only be used from their webapp, and not a hacker's one). That's how it works, but it's a bit more complex behind the scenes... when you actually hit submit your payment goes to Worldpay then redirects back to the CAMC page, so it all looks like it's CAMC, even if it isn't actually their systems you are interacting with. I would stress there is no way their payment processor is breached as Worldpay is used by so many people there would be news globally about websites failing right now, as I think about 30% of all sites I visit use the same payment processor...

It's how all sites work, even large people pass to the big 3-4 transaction processors these days as the cost of compliance is too much to do otherwise (PCI compliance I mean). The technical reason is if you do store the actual card details you put your entire app/infrastructure in scope for PCI and no-one wants to do that given the cost of compliance is "very expensive". I know actual banks who avoid this and they technically can be ruled not in scope for PCI in the first place (for a technicality).
Phill D See the comment above. CAMC do not hold card details but a unique reference to the card held by World Pay.
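
The card-reference arrangement described in the posts above can be sketched as follows. This is an added example, not part of the thread and not Worldpay's or the Club's code: `Processor`, its methods, the `club` and `other-shop` merchants and the booking row are hypothetical names in a simplified model.

```python
import secrets


class Processor:
    """Toy model of a card processor's token vault (not Worldpay's actual API)."""

    def __init__(self):
        self._merchants = {}  # api_key -> merchant name
        self._vault = {}      # token -> (merchant name, card number, reusable)

    def register_merchant(self, name: str) -> str:
        """Issue the credential a merchant's web app uses to talk to the processor."""
        api_key = secrets.token_hex(16)
        self._merchants[api_key] = name
        return api_key

    def hosted_payment(self, merchant: str, pan: str, reusable: bool = False) -> str:
        """The card number is entered on the processor's page; only a token goes back."""
        token = "tok_" + secrets.token_hex(12)
        self._vault[token] = (merchant, pan, reusable)
        return token

    def charge(self, api_key: str, token: str, pence: int) -> str:
        merchant = self._merchants.get(api_key)
        entry = self._vault.get(token)
        if merchant is None or entry is None:
            return "declined"
        owner, pan, reusable = entry
        if owner != merchant:
            return "declined"       # token is scoped to the merchant it was issued to
        if not reusable:
            del self._vault[token]  # one-off reference is wiped once payment completes
        return f"approved {pence}p ****{pan[-4:]}"


def run_booking() -> dict:
    """Deposit by card, balance taken later from the stored reference."""
    processor = Processor()
    club_key = processor.register_merchant("club")
    other_key = processor.register_merchant("other-shop")
    pan = "4111111111111111"  # widely published test card number, not a real card
    token = processor.hosted_payment("club", pan)
    # Constructed row: everything the merchant's own database keeps about the card.
    booking_row = {"member": "M-0001", "card_ref": token, "balance_pence": 4500}
    return {
        "row_contains_pan": pan in str(booking_row),
        "other_merchant": processor.charge(other_key, token, 4500),
        "club_balance": processor.charge(club_key, token, booking_row["balance_pence"]),
        "club_again": processor.charge(club_key, token, 100),
    }


if __name__ == "__main__":
    for step, outcome in run_booking().items():
        print(f"{step}: {outcome}")
```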
 
Phill D See the comment above. CAMC do not hold card details but a unique reference to the card held by World Pay.
I understand they use World Pay for site bookings but what about annual subscriptions? Would they hold bank details for those?


 
They've now started sending out "individual" emails.
Does that mean I need to change the hundreds of online passwords I have?
What they should have said was:

If you use the same password on other sites, you should change them.

And not to all the same new password!
 
I understand they use World Pay for site bookings but what about annual subscriptions? Would they hold bank details for those?
For direct debits, presumably yes.

But not much they can do with those on their own I believe.

But they could use them to call you up and convince you that they are calling from your bank.
 
What they should have said was:

If you use the same password on other sites, you should change them.

And not to all the same new password!
Yes, incredibly badly worded and likely causing mass panic as some folks struggle to think of a new password to use for their emails etc. They should have recommended the use of a password manager to ensure unique passwords everywhere.
 
I understand they use World Pay for site bookings but what about annual subscriptions? Would they hold bank details for those?
Their privacy policy does say they hold bank account details. Screenshot below, first paragraph.

IMG_1283.jpeg
 
What they should have said was:

If you use the same password on other sites, you should change them.

And not to all the same new password!
Indeed that's the best advice, ideally using a password manager so all your sites are different passwords:

I would suggest their response to this is a "matter" of learning, and I doubt they have any rehearsed "playbooks" for this in place at present based on observation.

If the response was better it would have included "We store all our passwords using X method, ensuring they are not reversible, hence we do not require you to change your password, and do not expect the hackers had access to it" if it was an open response. Or if they don't and they already know they store it reversibly (i.e., a hash with a trivial salt value, with not much defences) they should have advised you to change your password (or any similar password) you use on CAMC on other websites.

The above is what "good" open disclosure requires, and I can't believe 3 days in they don't know the method or hashing used to protect your password, as this would be a day 1 finding on any forensic engagement worth its money. In my mind the disclosure on password change is POOR.
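
The difference the post above draws between storage methods can be made concrete. This is an added example, not part of the thread and not the Club's code: it contrasts a fast hash with one site-wide salt against a slow key-derivation function with a random salt per account, and triages a stored table by record format. The salt value, iteration count, record layout, member names and passwords are all constructed for illustration.

```python
import hashlib
import hmac
import os
import re
from collections import defaultdict

SITE_SALT = b"club"          # constructed "trivial" salt: one value for every account
PBKDF2_ITERATIONS = 600_000  # assumption: work factor chosen for this example


def weak_record(password: str) -> str:
    """Single fast SHA-256 with a site-wide salt (the weak case the post describes)."""
    return hashlib.sha256(SITE_SALT + password.encode()).hexdigest()


def strong_record(password: str) -> str:
    """PBKDF2-HMAC-SHA256 with a random 16-byte salt per account."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)
    return f"pbkdf2_sha256${PBKDF2_ITERATIONS}${salt.hex()}${digest.hex()}"


def verify_strong(password: str, record: str) -> bool:
    """Recompute with the stored salt and iteration count; compare in constant time."""
    _, iterations, salt_hex, digest_hex = record.split("$")
    candidate = hashlib.pbkdf2_hmac(
        "sha256", password.encode(), bytes.fromhex(salt_hex), int(iterations)
    )
    return hmac.compare_digest(candidate, bytes.fromhex(digest_hex))


def classify(record: str) -> str:
    """Triage a stored record by its format, as a review of the user table would."""
    if record.startswith("pbkdf2_sha256$"):
        return "slow KDF, per-account salt"
    if re.fullmatch(r"[0-9a-f]{64}", record):
        return "single fast hash"
    return "unknown"


def shared_password_groups(table: dict[str, str]) -> list[list[str]]:
    """Accounts whose stored records are identical, i.e. visibly share a password."""
    by_record = defaultdict(list)
    for user, record in table.items():
        by_record[record].append(user)
    return sorted(sorted(users) for users in by_record.values() if len(users) > 1)


# Constructed members and passwords, for illustration only.
MEMBERS = {"alice": "Caravan2024!", "bob": "Caravan2024!", "carol": "x7#Lq9vT-pine-42"}
WEAK_TABLE = {user: weak_record(pw) for user, pw in MEMBERS.items()}
STRONG_TABLE = {user: strong_record(pw) for user, pw in MEMBERS.items()}

if __name__ == "__main__":
    for name, table in (("weak", WEAK_TABLE), ("strong", STRONG_TABLE)):
        schemes = sorted({classify(record) for record in table.values()})
        print(name, schemes, "shared:", shared_password_groups(table))
```

With the weak table, a copy of the stored records alone shows which accounts share a password, and each guess costs a single hash; with the per-account salt and slow derivation neither holds, which is the fact a disclosure would need to state.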


 
For direct debits, presumably yes.

But not much they can do with those on their own I believe.

But they could use them to call you up and convince you that they are calling from your bank.
Legally bank details are not secrets, so they don't need to protect them as they would a credit card number. Think about a business, bank account numbers are on every invoice, so it's semi public information. People really misunderstand this in its need to be protected. However your personal home address and phone number are "personally identifiable information" and those do have some (more concrete) legal basis for protection.

And yes, people want them for the bank scams as mentioned above, be a little on guard if anyone rings saying they are from your bank!
 
You can use this site to see if your e-mail address has been subject to any data breaches.

How does one know that is not a scam to collect e-mail addresses?


 
How does one know that is not a scam to collect e-mail addresses?
I can confirm it's not, it's run by a guy (Troy Hunt) who collects information on data breaches to allow people to check on such things, who runs the site for the public good. I've met him in person once or twice at security conferences and can confirm there is nothing malicious in this, and it's more likely to do you "good" than harm in using his services in working out if you've already been disclosed by another data breach.

If you want public information about who/what he is : https://en.wikipedia.org/wiki/Troy_Hunt
 
Just looked at email from above about cyber attack, I checked with the Club to make sure they don't have my credit card details, which they told me they don't have on file as I only pay annually, that's why I never go for automatic renewals.
Now going to change my password as recommended.
 
You can use this site to see if your e-mail address has been subject to any data breaches.

This is a very useful service. But it's just a database of data breaches that subsequently had the hacked data publicly circulated (often on the dark web).

Just because nothing pings up here, it doesn't mean you've not been compromised. It just means your credentials aren't extremely common knowledge (yet).

Example: I got a blackmail email. To prove they'd hacked me, they told me my password. Except I use a password manager and unique passwords, so I know exactly which website that password was from. It was a tiny e-commerce site that sold American candy that went bust. That breach isn't on HaveIbeenPwned. Needless to say, I ignored the blackmail.
 
You can use this site to see if your e-mail address has been subject to any data breaches.

The site is an indicator and a good starting point but not guaranteed to highlight all breaches. Over 26 billion personal details were recently posted openly online and Capita also had a huge data breach affecting pensions and various other services. There have been breaches in the NHS, JD Sports, Twitter; the list goes on and on and on. Cybernews.co.uk also have a checker but they can’t even distinguish between upper and lower case characters. Email addresses are not case sensitive. Personal data is extremely valuable to both businesses and scammers.
