Center Parcs

Center Parcs, a vacation rental company, suffered a cyberattack on June 4 that targeted their phone reservation system. The attack was halted on June 6, and the incident was reported to the CNIL, the French data protection authority. Around 20,000 customers across Europe were affected, with names, email addresses, and reservation details stolen. No financial data, passwords, phone numbers, or home addresses were compromised. The company has informed affected customers and is considering filing a formal complaint with the police.

Source: https://datanews.levif.be/actualite/securite/fuites-donnees/center-parcs-revele-avoir-perdu-des-donnees-a-cause-dune-cyberattaque/

TPRM report: https://scoringcyber.rankiteo.com/company/centerparcseurope

"id": "cen302061625",
"linkid": "centerparcseurope",
"type": "Cyber Attack",
"date": "6/2025",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"

{'affected_entities': [{'customers_affected': '20,000',
                        'industry': 'Hospitality',
                        'location': 'Europe',
                        'name': 'Center Parcs',
                        'type': 'Vacation rental company'}],
 'attack_vector': 'Targeted system used for telephone reservations',
 'customer_advisories': ['Warned customers about potential email scams'],
 'data_breach': {'number_of_records_exposed': '20,000',
                 'personally_identifiable_information': ['Names',
                                                         'First names',
                                                         'Email addresses'],
                 'sensitivity_of_data': 'Low to Medium',
                 'type_of_data_compromised': ['Personal information',
                                              'Reservation details']},
 'date_detected': '2023-06-04',
 'date_resolved': '2023-06-06',
 'description': 'Center Parcs, a vacation rental company, suffered a '
                'cyberattack resulting in the theft of reservation data '
                'affecting 20,000 customers.',
 'impact': {'data_compromised': ['names',
                                 'first names',
                                 'email addresses',
                                 'reservation details (reservation number, '
                                 'location, and duration of stay)'],
            'identity_theft_risk': ['Potential for targeted email campaigns'],
            'systems_affected': ['Telephone reservation system']},
 'initial_access_broker': {'entry_point': 'Telephone reservation system'},
 'investigation_status': 'Ongoing',
 'references': [{'source': 'Data News'}],
 'regulatory_compliance': {'regulatory_notifications': ['CNIL']},
 'response': {'communication_strategy': ['Notified affected customers'],
              'containment_measures': ['Access to the targeted system was '
                                       'suspended',
                                       'Technical correction measures to '
                                       'improve system security'],
              'law_enforcement_notified': ['CNIL', 'Police'],
              'third_party_assistance': ['Cybersecurity experts']},
 'title': 'Center Parcs Data Breach',
 'type': 'Data Breach'}