According to the operator Camelot, roughly 26,500 accounts of the UK National Lottery players were accessed by cybercriminals.
The security breach was spotted on November 28th during a routine online security monitoring.
“We do not hold full debit card or bank account details in National Lottery players’ online accounts and no money has been taken or deposited,” added the operator.
“However, we do believe that this attack may have resulted in some of the personal information that the affected players hold in their online account being accessed.”
The operator Camelot excludes that its systems were compromised by hackers, its experts believe that that login credentials had been stolen elsewhere. Players affected have been alerted by the operator via email.
“We regret to inform you that your account has been subject to an unauthorized login.” reads the email. “However, please be assured that we don’t hold full bank account details.. and no money has been deposited or withdrawn from your account”.
In response to the security breach, the operator suspended the accounts that were accessed by the crooks and the passwords were reset.
“Other players reacted in anger on Twitter after being alerted of their accounts being compromised, with one user, Richard C writing: “My account has been potentially breached. Not good at all.”” reported ESET.
The UK Information Commissioner’s Office is investigating the incident.
“We are aware of this incident and we have launched an investigation,” confirmed an ICO spokesperson.
“The Data Protection Act requires organizations to do all they can to keep personal data secure – that includes protecting it from cyberattacks. Where we find this has not happened, we can take action.”
Stay Tuned…
[adrotate banner=”9″]
(Security Affairs – Camelot, UK National Lottery)
CISA adds Cisco ASA and FTD and CrushFTP VFS vulnerabilities to its Known Exploited Vulnerabilities…
U.S. CISA added the Windows Print Spooler flaw CVE-2022-38028 to its Known Exploited Vulnerabilities catalog.…
The U.S. Department of Justice (DoJ) announced the arrest of two co-founders of a cryptocurrency mixer…
Google addressed a critical Chrome vulnerability, tracked as CVE-2024-4058, that resides in the ANGLE graphics…
Nation-state actor UAT4356 has been exploiting two zero-days in ASA and FTD firewalls since November…
A malware campaign has been exploiting the updating mechanism of the eScan antivirus to distribute…
This website uses cookies.