The company said it did not believe its own systems had been compromised, but rather that the players login details had been stolen from elsewhere. Furthermore, no money had been taken from or added to the compromised accounts but there had been other suspicious activity on fewer than 50 of them.
The National Lottery does not hold full debit card or bank account details in National Lottery players online accounts and no money has been taken or deposited.
The Information Commissioners Office said it had launched an investigation into the matter. Camelot is contacting the owners of the accounts thought to have been compromised and instructing them to change their passwords.
Speaking about other recent attacks targeted at the UK public, James Romer, Chief Security Architect EMEA, SecureAuth Corporation said: “This is not the first breach of this kind, Three Mobile, Deliveroo and now the National lottery and all in the span of a month. While steering clear of password reuse and adopting a password manager to allow for complex passwords will improve a consumer’s personal cybersecurity posture, today’s incident underlines the need to strengthen access controls.
For too long organisations have relied on passwords as the single form of access control and it is simply not strong enough, nor adequate to protect vital applications and data. Luckily, on this occasional no money or banking credentials were obtained. However, this should serve as a stark reminder of why organisations must strengthen their defences against cyber adversaries by employing cutting edge adaptive authentication.”
Every day we send out a free e-mail with the most important headlines of the last 24 hours.
Subscribe now