Camelot – the operators of the National Lottery – have recently released a statement to notify users that there has been suspicious activity on some online accounts.
Some 26,500 National Lottery accounts are feared to have been accessed, although Camelot were quick to assure users that there hasn’t been any ‘unauthorised access’ to the core National Lottery systems.
The cause for concern is that National Lottery draws, or payment of prizes, may have been accessed, but Camelot denied this was the case. They continue to say that no money has been deposited or withdrawn from their users’ accounts, and only a small percentage of their 9.5 million registered users may potentially be affected.
Suspicious activity
Camelot first became aware of the suspicious activity on 27 November 2016. Since then, they’ve been “taking all the necessary steps to fully understand what has happened”.
They believe that email addresses and passwords may have been compromised, but the personal information may have been stolen from another website where users use the same information.
National Lottery took to social media platform Twitter to notify customers that the following information may have been accessed: name, contact details, date of birth, transaction history, account preferences, last four digits of their card number, and expiry date of the card.
Safety precautions
Camelot seems to have taken safety precautions by suspending the accounts that may have been affected. They’ve also taken the time to contact the affected users to assist them in re-activating their accounts securely, advising them to change their passwords, and providing general online security advice.
A mere coincidence?
In November, the National Lottery’s app went down for a while, which was thought to be because of a faulty QR reader. The QR scanner allows users to scan their paper tickets with their mobile phones to check if they have a winning ticket. What if the glitch was the National Lottery checking their systems for cyber-security purposes? The glitch could just be a mere coincidence with the current issue, and we’ll have to wait to find out.
Until then, we can only theorise.
Data protection watchdog and other authorities
Although Camelot hasn’t confirmed that there had been a breach of data, they submitted a report to the Information Commissioner’s Office (ICO) as soon as they became suspicious. The ICO has launched an investigation into the matter.
The matter is also being investigated by the National Crime Agency and the National Cyber Security Centre (NCSC).