Last updated: 6 April 2018
As part of our online security monitoring, we became aware of suspicious activity on a very small proportion of our players’ online National Lottery accounts. We reported this matter to the police and the Information Commissioner’s Office, and are liaising with the National Cyber Security Centre.
We would like to make clear that there has been no unauthorised access to core National Lottery systems or any of our databases, which would affect National Lottery draws or the payment of prizes.
We are taking all the necessary steps to fully understand what has happened, but we currently believe that around 160 accounts – out of 10.5 million registered with us in total – have been subject to an unauthorised log-in and that very limited information may have been viewed. A much smaller number – approximately 15 accounts – have had some limited activity take place within the account since it was accessed, but no player has seen any financial loss.
We would like to reassure our players that we do not display full debit card or bank account details on their online National Lottery accounts. We have suspended all of the affected accounts and have directly contacted these players to help them re-activate their accounts securely. We are also urging National Lottery players to change their online password, particularly if they use the same password across multiple websites.
Protecting our players’ personal data is of the utmost importance to us. We are very sorry for any inconvenience this may cause and would encourage those with any concerns to contact us directly, so we can discuss it with them in more detail.