The data at risk includes names, home addresses, email addresses and telephone numbers, according to the company.
Butlin's insisted that "no financial data has been compromised".
It said it is contacting people who may have been affected to let them know what has happened and what they should do.
Butlin's managing director Dermot King said: "Butlin's take the security of our guest data very seriously and have improved a number of our security processes.
"I would like to apologise for any upset or inconvenience this incident might cause.
"A dedicated team has been set up to contact all guests who may be affected directly.
"I would like to personally reassure guests that no financial data has been compromised."
The incident has been reported to the Information Commissioner's Office.