National lottery operator Camelot tells players to change their passwords after thousands of accounts have been accessed by cybercriminals.
Around 26,500 National Lottery players in the UK have had their online accounts accessed by cybercriminals, operator Camelot has revealed.
The operator was first alerted to a security incident on November 28th, during routine online security monitoring.
Camelot believes that its own systems were not compromised, stating that it is of the opinion that usernames and passwords had been stolen elsewhere.
“We do not hold full debit card or bank account details in National Lottery players’ online accounts and no money has been taken or deposited,” it added.
“However, we do believe that this attack may have resulted in some of the personal information that the affected players hold in their online account being accessed.”
Camelot has since suspended victim’s accounts, along with initiating a compulsory password reset.
Those affected have been alerted through an email. One player, Nigel McKee took to Twitter to ask National Lottery if the email was genuine, which was later confirmed by the company.
The email stated: “We regret to inform you that your account has been subject to an unauthorized login.
“However, please be assured that we don’t hold full bank account details.. and no money has been deposited or withdrawn from your account”.
Other players reacted in anger on Twitter after being alerted of their accounts being compromised, with one user, Richard C writing: “My account has been potentially breached. Not good at all.”
The Information Commissioner’s Office in the UK released a statement confirming that they are investigating the incident after being alerted by Camelot:
“We are aware of this incident and we have launched an investigation,” a spokesperson commented.
“The Data Protection Act requires organizations to do all they can to keep personal data secure – that includes protecting it from cyberattacks. Where we find this has not happened, we can take action.”
It added that it is seeking to talk to Camelot about the incident, to establish the facts around this data breach.
“We’d like to reassure our customers that protecting their personal data is of the utmost importance to us,” Camelot said.