Camelot, the United Kingdom’s National Lottery operator, today admitted that the personal information of approximately 26,500 players was accessed by hackers. The organisation stated that it was aware of some suspicious activity on these accounts a few days ago during a routine security inspection.
The operator initially claimed that there was no unauthorised access to the National Lottery systems. However, the attack may have resulted in client’s personal details held in online accounts to be accessed.
Camelot is currently investigating how the hackers executed this data-breach without compromising the organisation’s systems. The operator believes that the email addresses and passwords that were used in the breach were most likely stolen from users who use the same log-in details on various platforms.
However, not everyone is buying this explanation. There is at least one customer, who was contacted by Camelot about the breach via email, or confirmed that his username and password are unique via Twitter to the National Lottery site.
Meanwhile, Troy Hunt, the cyber security expert told BBC today that there have been many cases of hackers stealing log-in details from a platform and using this information to breach another. However, there are still questions that must be asked about Camelot’s safety.
The United Kingdom’s data protection watchdog – the Information Commissioner’s Office, stated that it launched an investigation to determine if Camelot has, in fact, breached the Data Protection Act.