Hackers may have obtained the details of up to 34,000 guests of Butlin's, the British holiday company.
The data includes booking reference numbers, lead guest names, holiday arrival dates, postal and email addresses and phone numbers.
The good news for Butlin's in this case is that it's done a thoroughly modern job of reporting it to the Information Commissioner's Office, with the breach only taking place within the last 72 hours.
The firm is now contacting people who may have been affected to inform them and tell them what they should do.
It is understood that the data breach occurred this week, when criminals gained access to the company's systems using a "phishing" email.
"Butlin's take the security of our guest data very seriously and have improved our security processes".
Nigel Taylor, managing director and founder, says: 'Companies are ultimately in the hands of their staff to halt these attacks at the front line.
The firm has published a dedicated web page with some details about the breach.
There are three Butlin's holiday camp sites - Skegness in Lincolnshire, Bognor Regis in West Sussex and Minehead in Somerset.
Butlin's says it will be contacting all guests who may have been affected by the incident by the end of 13 August. It is contacting customers who may have been affected. I would like to apologise for any upset or inconvenience this incident might cause.