Caravan and Motorhome Club's website down!

[Gromett]

Seems there are quite a few this time Mother Of All Breaches released 24/01/2024

Keep an eye out all that's for sure in the days/months ahead.

Don't read too much into that. McAfee are trying to sell you their services.
The mother of all breaches happens with regulatory you wouldn't believe. Every month or two another article like that is published. The actual reality though is that the vast bulk of the data release is old stuff that has been released multiple times before.
Loads are duplicates and very few are actually new data.

Unless you are using the same email/password across multiple services then you are relatively safe unless you are on one of those service. If you use the same password then slap your own wrists and get working.

 

[FrankNicklin]

No Apple devices are based on BSD not Linux. Both related to Unix kind of but different beasts. OS/X and IOS are related to linux like 2nd or 3rd cousins but more different than alike after recent years with Systemd etc.
BSD is getting more a more attractive as I miss the init.d days.

I was generalising when I said Linux as there are many many flavours, but under the hood many of the Linux commands/functions are the same for day to day use.

For the record I also own my own domain but choose to use remote hosting and email services.

 

[donkey]

They've now started sending out "individual" emails.
+++++
I wanted to write to you personally to apologise that you have not been able to access any of our digital channels or speak to our contact centre over the past few days.

On Saturday 20 January 2024 we were informed by leading forensic experts that the Club has been the victim of a cyber security incident. Once the incident was detected, we immediately deployed best practice response protocols and containment measures, including taking all systems offline and implementing enhanced monitoring technology. By taking swift action we greatly minimised the effects of this cyber security attack.

The same day we notified the Information Commissioner’s Office (ICO); a standard procedure in these incidents.

Advice from our cyber security experts was to not raise public awareness of the incident and to allow their forensic team to carry out the necessary investigation to understand what systems (if any) may have been accessed.

We understand the lack of communications will have been frustrating for members but we have followed advised procedures in order to safeguard members until the full facts were known and to help avoid any potential further issues.

Our internal and external specialist teams are working around the clock to understand the extent of this incident. We are working to establish whether there was any unauthorised access or exfiltration of members’ data. However, we believe the correct thing to do now is to notify you of the incident.

We will of course alert individual members as soon as possible if any breach of member data is established.

At this time we are working with our IT partners, with an abundance of caution, while in the process of restoring all of our systems slowly, methodically and carefully to safeguard security.

This type of incident is a reminder that we must all remain vigilant to any unusual or spurious requests for personal details. Please note that we will never contact you unprompted to ask for your account details or security information, and we will never ask you to disclose your passwords. Data security is of paramount importance, to us, our members, guests and suppliers.

It is always best practice to regularly change your passwords and as a precautionary measure, we suggest you change your email password and any online passwords. It is advised that you use a combination of letters, numbers and symbols. If you see an email, text or social media post, or if you are on a website that you think looks suspicious, don’t click any links or engage with it.

I would like to offer our most sincere apologies for the inconvenience this has caused. Your Club teams are working in tandem with our dedicated and expert partners to understand better the details of this incident and to restore the Club systems.

We greatly appreciate the many comments of support and understanding that members have expressed.

Below are a number of links to useful cyber security websites and a list of frequently asked questions that we feel may be of use to members during this period. As and when we have more information we will be communicating with members directly.

Kind regards

Nick Lomas
Director General
Caravan & Motorhome Club


Useful information
Please see below links on how to stay safe online.

You’ll find lots of useful information and top tips on how to stay safe online on these links: National Cyber Security Centre, Action Fraud, Get Safe Online and Stop Scams UK.

Frequently Asked Questions

Do hackers have my personal details?
We are working to establish whether there was any unauthorised access or exfiltration of members’ data.

When will you know if my personal data has been taken?
The forensic team have estimated that they will have completed their investigation in the coming days.

What will happen if you discover my personal data has been taken?
We will of course alert individual members as soon as possible if any breach of member data is established.

What do I need to do now?
Be vigilant, if you see an email, text or social media post, or if you are on a website that you think looks suspicious, don’t click any links or engage with it and delete it immediately.

Do I need to change my passwords?
It is always best practice to regularly change your passwords and as a precautionary measure, we suggest you change your email and online passwords. It is advised that you use a combination of letters, numbers and symbols for new passwords.

What is the Club doing?
We are working with cyber security experts to understand the extent of the incident and to carefully restore our systems.

Are the UK Club Campsites affected?
The winter UK Club Campsites have remained open throughout the incident.
+++++
Does that mean I need to change the hundreds of online passwords I have?

Is it me? I also got an email, apparently from CAMC. At the bottom are four links to click on.
I would have thought an email about cyber security is the last place for links to click.

Geoff

 

[mitzimad]

evidently they have been hacked for passwords i got this from another site so dont know how true

 

[Gaston aires]

Unfortunately you can’t change your password on the site it just isn’t working at all. I phoned them today and they answered and told me they are incapable of doing anything at the moment.
A real dilemma for them, no bookings, no nothing.
Thought. Is this is how wars will be fought in the future by corrupting computers?
Phil

^{_{Subscribers  do not see these advertisements}}

 

[TheBig1]

Had an email by the DG of the club this morning apologising for the outage and saying they are taking the security breach very seriously and working 24/7 on a fix

 

[Carpmart]

Unfortunately you can’t change your password on the site it just isn’t working at all. I phoned them today and they answered and told me they are incapable of doing anything at the moment.
A real dilemma for them, no bookings, no nothing.
Thought. Is this is how wars will be fought in the future by corrupting computers?
Phil

Sadly Phil, the answer is yes.

The threat to our Critical National Infrastructure through cyber ‘events’ is probably the main thing that has given me sleepless nights over the last ten years.

A very real and very present threat!

 

[steve69]

Thought. Is this is how wars will be fought in the future by corrupting computers?
Phil

Never mind the future. it's happening right now everywhere. Hackers and counter hackers are constantly battling each other as we speak.

 

[Gellyneck]

Is it me? I also got an email, apparently from CAMC. At the bottom are four links to click on.
I would have thought an email about cyber security is the last place for links to click.

Geoff

Yip, meant to mention that in my previous post!

 

[zac]

Don't read too much into that. McAfee are trying to sell you their services.
The mother of all breaches happens with regulatory you wouldn't believe. Every month or two another article like that is published. The actual reality though is that the vast bulk of the data release is old stuff that has been released multiple times before.
Loads are duplicates and very few are actually new data.

Unless you are using the same email/password across multiple services then you are relatively safe unless you are on one of those service. If you use the same password then slap your own wrists and get working.

This is not just Mcafee, this is as you say is a combination of all previous breaches as well as new ones, i have not posted for me but for others. I like you work in I.T so perfectly safe but their will be loads of others that won't be. The more that know the safer they will be as they will do something about it before it's too late.

Everyone should use some sort of password manager and generate unique passwords for each login they register, its just not safe anymore and never was to be honest to use the same password for multiple sites.

^{_{Subscribers  do not see these advertisements}}

 

[Janine]

Quite a lot of info about this on this thread..

Caravan and Motorhome Club's website down!

Has the Caravan Club gone undercover? Note on screen over weekend said they were working on website. Today screen is just blank.

www.motorhomefun.co.uk

 

[Gellyneck]

Latest update on website.
+++++
Today's Update

Thank you.

We would like to begin by thanking members for their kind messages of support following the update from the Club's Director General yesterday (see below). It has helped to lift the spirits of our IT teams and associated departments who have been working around the clock since Saturday 20th January to get the Club's systems back up and running.

By way of an update for you today:

Forensic Investigation

Our cyber security advisors are continuing with their investigation of this incident. We will of course notify members of the outcome once it is complete. This is a very important step in the process.

UK Club campsites and Certificated Locations (CL's)

Our UK Club winter campsites and our CL network have remained open throughout the period and are welcoming guests daily.

Contact Centre

Our Contact Centre has been back helping answer member queries since yesterday afternoon. We are again able to access, amend and make new bookings for our UK Club campsites and to make amendments to bookings on our overseas campsites. This is a very positive step forward and it's great to be able to talk to members again.

Want to make a booking for this weekend?

If you would like to make a booking on one of our UK Club campsites you can either call the Club campsite direct or call the contact centre. If you are looking to make a booking on a CL please call the CL directly.

Making a future booking

If you would like to make a booking for a future date please call our Contact Centre or the CL directly.

Joining the Club

Although new members are unable to join via the website at the moment, we would encourage you to call our Contact Centre where one of our membership services team members will be happy to help you.

Systems and other Club products and services

The IT team continues to work hard on restoring other Club services including Caravan Cover, Motorhome Insurance and Red Pennant, to name a few. These, and other Club services and products, are in the process of being bought up safely and securely and will be available in the coming days.

Website

We are still working closely with our IT partners, with an abundance of caution, to bring our website back online in a careful and controlled manner.

Thank you again for your patience and understanding during this difficult time.
+++++

 

[Pausim]

If you would like to make a booking on one of our UK Club campsites you can either call the Club campsite direct or call the contact centre.

Too late I booked elsewhere when the site said they could not take bookings.

If you are looking to make a booking on a CL please call the CL directly.

No change there then. We have always had to book directly with CLs not online. Perhaps the C&MC management don’t know this, why would they if they never camp and don’t listen to their members.

 

[Gellyneck]

No change there then. We have always had to book directly with CLs not online. Perhaps the C&MC management don’t know this, why would they if they never camp and don’t listen to their members.

Wonder how many of them are seeking alternative employment already given the potential backlash from members?

Next debacle will be "who's paying the costs incurred in rectification"? Members directly / indirectly, 3rd party service / management providers, insurance, ????????

 

[Swifter]

CAMC seem to be now posting daily updates on their broken website.

“

Today's Update​

Thank you.

We would like to begin by thanking members for their kind messages of support following the update from the Club's Director General yesterday (see below). It has helped to lift the spirits of our IT teams and associated departments who have been working around the clock since Saturday 20th January to get the Club's systems back up and running.

By way of an update for you today:

Forensic Investigation

Our cyber security advisors are continuing with their investigation of this incident. We will of course notify members of the outcome once it is complete. This is a very important step in the process.

UK Club campsites and Certificated Locations (CL's)

Our UK Club winter campsites and our CL network have remained open throughout the period and are welcoming guests daily.

Contact Centre

Our Contact Centre has been back helping answer member queries since yesterday afternoon. We are again able to access, amend and make new bookings for our UK Club campsites and to make amendments to bookings on our overseas campsites. This is a very positive step forward and it's great to be able to talk to members again.

Want to make a booking for this weekend?

If you would like to make a booking on one of our UK Club campsites you can either call the Club campsite direct or call the contact centre. If you are looking to make a booking on a CL please call the CL directly.

Making a future booking

If you would like to make a booking for a future date please call our Contact Centre or the CL directly.

Joining the Club

Although new members are unable to join via the website at the moment, we would encourage you to call our Contact Centre where one of our membership services team members will be happy to help you.

Systems and other Club products and services

The IT team continues to work hard on restoring other Club services including Caravan Cover, Motorhome Insurance and Red Pennant, to name a few. These, and other Club services and products, are in the process of being bought up safely and securely and will be available in the coming days.

Website

We are still working closely with our IT partners, with an abundance of caution, to bring our website back online in a careful and controlled manner.

Thank you again for your patience and understanding during this difficult time.

^{_{Subscribers  do not see these advertisements}}

 

[Prop]

Just tried logging in and got this screen tried reset password and did not get an email so looks like we need to contact customer service.

 

[Willieboy]

I might be wrong, but I think this post refers to the Caravan & Motorhome Club

Not the Camping & Caravan Club

 

[Spriddler]

Just tried logging in and got this screen tried reset password and did not get an email so looks like we need to contact customer service.
View attachment 858743

Wrong club.
It's the Caravan and Motorhome Club (CAMC) that has the website problem.

 

[Prop]

Wrong club.
It's the Caravan and Motorhome Club (CAMC) that has the website problem.

Woops

 

[cyberyacht]

I wonder if it's naughty people the other side of the Urals that resent caravanners?

^{_{Subscribers  do not see these advertisements}}

 

[FrankNicklin]

Are the updates they are posting actual updates. Heading is currently Todays Update but the updates are not dated so how do you know what progress they are making. Their idea of clarity is somewhat foggy.

 

[Gellyneck]

Are the updates they are posting actual updates. Heading is currently Todays Update but the updates are not dated so how do you know what progress they are making. Their idea of clarity is somewhat foggy.

Simples really, they'll just change the heading to "Yesterday's Update" and then "Latest Update".
That'll clear up any confusion!

 

[Spriddler]

Are the updates they are posting actual updates. Heading is currently Todays Update but the updates are not dated so how do you know what progress they are making. Their idea of clarity is somewhat foggy.

One can't even be sure they've been posted by the CAMC.
(I'm suspicious of everything these days, especially since all the publicity about AI).

 

[Realist]

Data breach.

 

[Andyb01]

The costs of recovery can be significant and some systems/ data may never be recovered. Backups, whilst often taken, are rarely tested and often fail on attempted recovery. Any online networked backups will have been targeted by ransomware in any case, they always are.

The access pathways for such attacks are generally always the same, it's either an exploit of unpatched systems, use of insecure protocols/ weak ciphers, misconfiguration of controls, or wetware failure (e.g. clicking a phishing link).

Personally, my money's on the wetware.

I feel for the IT guys at the sharp end trying to clean up the mess - always a tough gig.

^{_{Subscribers  do not see these advertisements}}

 

[Gellyneck]

Latest update on website.
+++++
Weekend Update

Please see below an update on the progress to restore our systems.

Cover and Insurance

Our Contact Centre is now able to take calls from members regarding new and existing Caravan Cover, Motorhome Insurance, Red Pennant and Mayday policies.

Website

Work is ongoing to bring back our website in a careful and controlled manner.

UK Club Campsites, Affiliated Campsites and Certificated Locations (CL's)

Our UK Club winter Campsites, Affiliated Campsites and our CL network have remained open throughout the period and are welcoming guests daily.

Our IT teams and external partners will continue, with an abundance of caution, to work over the weekend to restore other Club systems.

We thank you for your patience, understanding and support, not only for our Club but also for our teams who are working so hard to get systems up and running again.

We will provide another progress update week commencing 29th January.
+++++

 

[Gellyneck]

Today's update (29/01/2024)
+++++
Todays Update

Our IT teams and external partners have worked all weekend to continue to bring back the club's remaining systems.

Good progress has been made, however work will continue over the coming days to bring back our website in a careful and controlled manner.

UK Club campsites, Affiliated Campsites and Certificated Locations (CL's)

Our UK Club winter Campsites, Affiliated Campsites and our CL network have remained open throughout the period and are welcoming guests daily.

Joining the Club

To join our wonderful Club we would encourage you to call our Contact Centre where one of the membership services team members will be happy to help you.

Want to make a booking for this week?

If you would like to make a booking on one of our UK Club campsites you can either call the Club campsite direct or call the contact centre. If you are looking to make a booking on an Affiliated Campsite or CL please call them directly.

Making a future booking

If you would like to make a booking for a future date please call our Contact Centre or the Affiliated Campsite or CL directly.

Cover and Insurance

Our Contact Centre is now able to take calls from members regarding new and existing Caravan Cover, Motorhome Insurance, Red Pennant and Mayday policies.

Forensic Investigation

Our cyber security advisors are continuing with their investigation of this incident. We will of course notify members of the outcome once it is complete. This is a very important step in the process.

We continue to thank you for your patience, understanding and support, not only for our Club but also for our teams who are working so hard to get systems up and running again.
+++++

 

[starquake]

With the site being down, a few CL's that used their booking engine stuff were unavailable (those without a phone number on their website) this weekend.
Ended up doing our "first" wild camp at seaside, which was quite beneficial, only downside being we've used a second bottle of gas.

 

[DT]

Contact centre not taking calls got through to the site I wanted but they cannot take bookings and the lady said they still had to carry out their regular chores so unable to help. Let's hope they stop building lodges etc and invest that money in IT.

 

[SpeedyDux]

You show them your membership card as proof of identity and they "trust" you when you tell them how many nights, what deposit paid, if you've got a voucher, etc...... and they manually calculate what you owe them. You only get the card payment slip as a receipt.

Guess if you're unscrupulous you could say you paid in full but they'll no doubt catch up with you when the system comes back up.

I had to make a request for a plastic membership card because the Club stopped issuing them automatically on renewal. Members are supposed to have their membership details on the Club App, to show to the warden on arrival. How does that digital-only membership check work when the central computer system is down? At least the plastic card is more resilient and can be relied on as proof.

It might be a good idea to print off your booking details and proof of deposit and carry them with you in future. Which negates the supposed benefit of an all-digital system.

What a palaver.

^{_{Subscribers  do not see these advertisements}}