The holiday camp operator has said that the data does not include payment details, however it is likely that all other data has been obtained, including that showing when clients will be away. The details were obtained by a phishing email.
The data which may have been accessed includes booking reference numbers, lead guest names, holiday arrival dates, postal and email addresses and telephone numbers.
Investigations however, have not found any fraudulent activity related to the event, a spokesperson said.
Guests who may have been affected are being contacted directly by Butlin’s to let them know what’s happened, what they should do and what is being done to resolve the situation.
The data breach is thought to have happened within the last four days. Butlin’s has reported the incident to the Information Commissioner’s Office, which it is obliged to do under the new GDPR regulations.
Butlin’s managing director Dermot King said: "Butlin’s takes the security of our guest data very seriously and have improved a number of our security processes.
"I would like to apologise for any upset or inconvenience this incident might cause. A dedicated team has been set up to contact all guests who may be affected directly. I would like to personally reassure guests that no financial data has been compromised."