According to the operator Camelot, roughly 26,500 accounts of the UK National Lottery players were accessed by cybercriminals.
The security breach was spotted on November 28th during a routine online security monitoring.
“We do not hold full debit card or bank account details in National Lottery players’ online accounts and no money has been taken or deposited,” added the operator.
“However, we do believe that this attack may have resulted in some of the personal information that the affected players hold in their online account being accessed.”
The operator Camelot excludes that its systems were compromised by hackers, its experts believe that that login credentials had been stolen elsewhere. Players affected have been alerted by the operator via email.
“We regret to inform you that your account has been subject to an unauthorized login.” reads the email. “However, please be assured that we don’t hold full bank account details.. and no money has been deposited or withdrawn from your account”.
In response to the security breach, the operator suspended the accounts that were accessed by the crooks and the passwords were reset.
“Other players reacted in anger on Twitter after being alerted of their accounts being compromised, with one user, Richard C writing: “My account has been potentially breached. Not good at all.”” reported ESET.
@rnc66 Hi, if you would like to discuss this email please contact us using the details included within it. Thanks, Charles
— The National Lottery (@TNLUK) 29 novembre 2016
The UK Information Commissioner’s Office is investigating the incident.
“We are aware of this incident and we have launched an investigation,” confirmed an ICO spokesperson.
“The Data Protection Act requires organizations to do all they can to keep personal data secure – that includes protecting it from cyberattacks. Where we find this has not happened, we can take action.”
(Security Affairs – Camelot, UK National Lottery)
Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.