Personal details 'may have been accessed' after hackers target Lottery accounts

Updated: 

Thousands of customer accounts on the National Lottery website may have been compromised.

Camelot said it believes that "around 26,500 players' accounts were accessed", but fewer than 50 accounts have had activity take place since the hack.

The National Lottery operator said it became aware of "suspicious activity" on a number of players' online National Lottery Accounts on Monday.  

Camelot said: "Of our 9.5 million registered online players, we believe that around 26,500 players' accounts were accessed.

"A much smaller number - fewer than 50 - have had some activity take place within the account since it was accessed. This was limited to some of their personal details being changed - and some of these details may have been changed by the players themselves.

"However, we have taken the measure of suspending the accounts of these players and are in the process of contacting them to help them re-activate their accounts securely.

"In addition, we have instigated a compulsory password reset on the accounts of the 26,500 affected players. We are in the process of pro-actively contacting them to help them change their passwords, as well as giving them some more general online security advice."

Camelot said it wanted to make clear that there has been no unauthorised access to core National Lottery systems or any of its databases, which would affect National Lottery draws or payment of prizes.

"In addition, no money has been deposited or withdrawn from affected player accounts," the statement added.

Camelot said it believes that the email address and password used on the National Lottery website may have been stolen from another website where affected players use the same details.

"We do not hold full debit card or bank account details in National Lottery players' online accounts and no money has been taken or deposited.

"However, we do believe that this attack may have resulted in some of the personal information that the affected players hold in their online account being accessed," the operator said. 

National Lottery player Nigel McKee, a tech operative from Randalstown in County Antrim, said he is thinking of cancelling his account following the hack. 

"It would make me more inclined to do it in store with cash. I'll probably just cancel it altogether," he said.

Mr McKee, 21, said the incident could lead to people losing faith in the National Lottery.

"It's worrying when they can get so much details of yours," he said. 

Mr McKee received an email from the National Lottery with the subject line "Important Player Message", which said: "We regret to inform you that your account has been subject to an unauthorised log-in.

"This may have resulted in any personal information held within your account being accessed."

A spokesman for the Information Commissioner's Office said: "We are aware of this incident and we have launched an investigation. Camelot submitted a breach report to us last night which we have reviewed. We will be talking to Camelot today.

"The Data Protection Act requires organisations to do all they can to keep personal data secure - that includes protecting it from cyber attacks. Where we find this has not happened, we can take action. Organisations should be reminded that cyber security is a matter for the boardroom, not just the IT department."