Up to 34,000 guest records at Butlin's may have been accessed by hackers, the holiday camp firm said.
Hackers reportedly used phishing emails to gain access to the data.
The Information Commissioner's Office has been informed about the breach.
The holiday firm, which has a site in Bognor Regis, West Sussex, said it takes guest data seriously.
Advice has been issued by Fareham IT firm Taylor Made Computer Solutions.
Nigel Taylor, managing director and founder, says: ‘Companies are ultimately in the hands of their staff to halt these attacks at the front line.
‘Investment in protective software and back-up systems is of course vital but training really is the key to protection from attacks.
‘Butlins’ case is a stark reminder that we should all be holding regular training with our staff to teach them how to spot tell-tale signs of a phishing scam.’