The UK National Lottery operator Camelot released a statement saying they have reason to believe that thousands of online player accounts have been breached.
Camelot said that following a security monitoring check Monday, they discovered suspicious activity. They believe around 26,500 player accounts were hacked. They also stated that less than 50 accounts showed signs of activity after the hack.
After Camelot released the account breach statement, the Information Commissioner’s Office released a statement saying:
Camelot submitted a breach report to us last night which we have reviewed. We will be talking to Camelot today. The Data Protection Act requires organizations to do all they can to keep personal data secure; that includes protecting it from cyber-attacks. Where we find that this has not happened, we can take action. Organizations should be reminded that cyber security is a matter for the boardroom, not just the IT department.
Camelot stated that they are currently taking all the steps they can to fully understand what took place. They believe that email addresses and passwords used on the Lottery’s website had been stolen from another site where players used the same login details. Camelot reassured users they do not hold full credit card and bank account information on their players and that no money has been deposited or withdrawn from any of the accounts in question. Head organizer for Camelot said that the players involved will be contacted and walked through the steps to “re-activate their accounts security”.
Camelot took it upon themselves to change 26,500 user passwords in order to stop any activity on the hacked accounts, and will be contacting the players so that they may change the password to their own. Camelot wanted to make a clear statement that there was no unauthorized access to the Lottery’s core systems and any of its databases; which affect draws and payments. They went on to say that they were taking the matter very seriously, and that protecting customer data is their top priority:
We are very sorry for any inconvenience this may cause to our players and would like to encourage those with any concerns to contact us directly, so we can discuss it with them in more detail.
One such Lottery user was contacted about the breach to his account, and many others. He said because of this information he was thinking about canceling his account and that he was more inclined to just play the lottery in stores with cash instead of online.
This isn’t the first time we have heard of data and account breaches taking place with major organizations like this. Yahoo just recently found out that a vast amount of user accounts had been hacked in the past. Most recently, banking giant Tesco fell victim to cyber-attacks. Mobile Communications app TalkTalk was breached this year as well.