Security Update: Phishing Emails and Booking Information

Last updated: 24th April 2026

We are currently investigating a security incident that has resulted in some of our customers receiving scam emails.

This page provides the latest information and will be updated as our investigation progresses.

What has happened

We identified that some customers were receiving phishing emails that appeared to relate to their booking with Glen Nevis Holidays.

These emails used real booking details and directed customers to fraudulent websites designed to take payment.

Following a detailed investigation, we have confirmed that this was caused by a compromise of one of our office computers.

This allowed an unauthorised third party to access booking information using a legitimate staff login session.

Because of how this type of attack works, it can bypass normal protections such as password changes and two-factor authentication (2FA).

What information may have been affected

The information potentially accessed includes:

  • Customer name

  • Contact details (email and/or phone number)

  • Booking dates and booking value

We do not store payment card information on our booking system.

Bookings made prior to 22nd April 2026 may be impacted.

What we are doing

We have taken immediate action to contain and investigate the issue:

  • Isolated the affected computer

  • Reset access to our booking systems and enforced two-factor authentication for all users

  • Terminated active sessions and removed any potentially compromised access

  • Worked with independent an IT specialist to help secure our systems

  • Reviewed system access logs to understand the scope of the incident

  • Reported the incident to the Information Commissioner’s Office (ICO) and Police Scotland

  • Actively working to identify and take down fraudulent websites and email accounts

Current position

  • The main known scam websites have been restricted and are now flagged as phishing sites

  • Known scam activity has been disrupted

However, scammers may attempt to create new websites or contact methods, so continued vigilance is important.

What you should do

If you have a booking with us:

  • Your booking remains valid and unaffected

  • Be cautious of any emails asking you to confirm or pay for your booking via a link

  • For reference, our legitimate booking payment page can be found here: https://glen-nevis.campmanager.com/21585/Login/

  • If you are unsure about any message, contact us directly using the details on our website

If you receive a suspicious email or message:

  • Do not click any links or make any payments

  • Forward it to hello@glen-nevis.co.uk with the subject “Scam”

  • Block and report the sender where possible

If you believe you may have responded to a scam or shared financial information:

  • Contact your bank immediately

  • Let us know the details

  • Report the incident to Police Scotland

Contact us

If you have any questions or concerns, please contact us:

hello@glen-nevis.co.uk
01397 702 191

Ongoing updates

We will continue to update this page as our investigation progresses and as further information becomes available.