Major IT outage at Europe’s largest caravan and RV club makes for not-so-happy campers

The UK’s Caravan and Motorhome Club (CAMC) is battling a suspected cyberattack with members reporting widespread IT outages for the past five days.

The company, which describes itself as “Europe’s biggest touring community, helping caravanners, motorhomers and campers access over 3,000 stunning locations in the UK and Europe”, has alerted the UK’s Information Commissioner’s Office (ICO) to its situation, suggesting it has suffered a meaningful data security incident.

UK organizations must notify the ICO within 72 hours if they suffer a breach that’s likely to risk people’s rights and freedoms. The data watchdog confirmed to us today that it’s investigating based on the information provided to it.

CAMC’s issues reportedly began on January 20 when its website and mobile app originally went down “for maintenance” but have since refreshed to communicate that external teams are involved in bringing its systems back to working order.

Multiple CAMC members approached The Register to complain about the outages, which according to their accounts have caused near-total digital disruption at the company that represents 1 million members.

One member said they’ve been unable to book a March holiday over the phone due to the disruptions with booking systems. When asked whether the disruption was caused by a cyberattack, or if member data had been compromised, customer service staff were said to be unaware of the specifics.

Others expressed concern over the possibility that data indicating when they’d be on holiday, coupled with their home addresses, could have been leaked.

Over on Facebook, one techie complained: “After 25 years in IT the only way to have people’s understanding and patience is to keep them informed. Posting the same status reworded does nothing to settle the users. Much easier to say we accidently applied an update or a resource deleted a database…”

Members have also expressed annoyance with the CAMC for not communicating directly with members over email or phone.

“Oh dear, I wonder if it’s [a] ransomware-related security breach,” one member jibed on social media today, echoing similar posts. “Certainly think members are entitled to know more about the nature of the problem and any data compromise or leakage. It’s been too long an outage without any real update.”

Official comms related to the incident have come via the CAMC’s social media channels, with the most recent line being repeated to angry members: “Our technical teams are still investigating the source of the issue, we have been advised there is no evidence that member data was compromised.”

Reading between the lines, the fact that the CAMC specified no member data was affected, combined with the fact it reported itself to the ICO, suggests that other data could have been compromised.

While the CAMC has thus far avoided using the dreaded C word, cases involving widespread service outages that affect multiple platforms, and ones that require outside experts to restore access to systems, often eventually result in a cyberattack being blamed.

The incident could feasibly be explained by other possibilities too, although in cases where cybercriminals aren’t involved, we would expect the company to quickly explain that to be the case.

The CAMC has not responded to our contact attempts, and neither has the National Crime Agency (NCA), which is often called upon to deal with cybersecurity incidents in the UK.

Another member of the camping club got in touch to say the CAMC’s website and booking system “has been a shambles” since it was redesigned by digital transformation agency Freestyle Interactive, which also failed to respond to our contact requests.

It’s unclear the role Freestyle Interactive still has in the running of the CAMC’s digital infrastructure, although its website describes the agency’s partnership with the CAMC as “ongoing.”

Screenshots of the website and mobile app of the Caravan and Motorhome Club, both displaying the different outage messages

The CAMC’s website currently reads: “We sincerely apologize that members and guests are still unable to access any of our digital channels.

“Our partners and external teams of specialists are working hard to help bring our systems back online.

“We would ask for your continued support and patience and again offer our apologies for any inconvenience this is causing.”

While phone systems are back offline after a brief outage at the start of the affair, members have been asked to avoid calling “unless it’s an urgent matter,” a customer support message read on its Facebook page.

Judging by social media posts made by the CAMC’s subsidiaries, it appears the outage is contained to the CAMC only, as bookings are still being taken over the phone, online, and via email at multiple partnered travel businesses. ®

READ MORE HERE