CAMC Still Uncertain if Member Data was Stolen in Cyberattack Incident

The Caravan and Motorhome Club (CAMC) is still grappling with the aftermath of a January cyberattack, with uncertainty lingering over whether members’ data was stolen. In a recent update shared with members and published on its website, the CAMC detailed the types of data that may have been accessed, but stopped short of confirming any theft.

Nick Lomas, director general at the CAMC, stated, “The cyber security team conducting the forensic investigation cannot confirm that any member data has been accessed, stolen, or is being used in an unauthorized manner.” The organization, which boasts over a million members, outlined the potential data that may have been compromised for those who purchased insurance policies through its website.

Members who took out policies for breakdown insurance, caravan insurance, or made claims on emergency assistance between 2018 and 2024 may have had various personal details accessed. The CAMC assured members that it would directly contact those affected if data compromise is confirmed.

As a precautionary measure, members are advised to update their passwords and remain vigilant against phishing attacks. The CAMC emphasized the importance of data security and stated that additional cybersecurity measures have been implemented to prevent future incidents.

While the organization will no longer provide updates on social media at the advice of cybersecurity experts, any further developments will be communicated directly to members. Lomas expressed apologies for any inconvenience caused and thanked members for their patience during this challenging time.

The incident, which began on January 20 and resulted in the website and app being offline for weeks, has raised concerns among members about the safety of their data. Despite initial assurances from the CAMC, the possibility of data access is now being considered, with the organization reporting the incident to the Information Commissioner’s Office.

Although the involvement of ransomware has not been confirmed, files allegedly belonging to the CAMC are available for download on a leak blog associated with LockBit, a ransomware group. The publication of these files suggests that the organization may have resisted paying a ransom to the cybercriminals.

Members are encouraged to stay informed through the CAMC’s website and exercise caution in response to any suspicious communications. The organization remains committed to safeguarding member data and ensuring a secure online environment for its community.