The National Lottery Community Fund, the organisation which uses money raised by the National Lottery to help communities in the UK, has been hit by a major data breach, exposing six years of applicants’ personal data – including contact and bank details.
The organisation has awarded over £9.5bn to more than 156,000 projects in the UK since 2004. Each year it receives tens of thousands of applications for grants; the 2019-20 annual report shows it handed out £588.2m to 30,204 projects in just 12 months.
The breach relates to data provided to the organisation between September 2013 and December 2019 by those applying for grants through UK Portfolio, England funding and Building Better Opportunities.
The data includes contact details (name, address, email and land and mobile numbers), date of birth, bank details (name of bank account, sort code and account number) and the applicant organisation’s address and website.
It does not include bank account PINs, passwords or bank card details as the Community Fund does not collect those details.
Funding programmes in Northern Ireland, Scotland and Wales are not affected.
So far, the organisation has not confirmed how many charities or individuals have been affected, simply stating that this is an ongoing investigation. However, it has conceded that other personal data may also have been compromised.
In a statement, the organisation said: “We are sorry for the worry and inconvenience this may cause and want to assure all our grant holders, past, present and future, that we take your personal data seriously. We will be working to ensure that our standards going forward are what you would expect.
“We are looking into the matter fully to understand what has happened, but we need to make any UK Portfolio, England funding or Building Better Opportunities customers who supplied this type of information to us during this date range aware that their data could be at risk.
“If you believe you may be affected, we would urge you to consider updating the passwords on your accounts (ensuring you use strong, unique passwords), look out for phishing emails or fraudulent activity on your bank account and consider running a credit check against your name and address to enable you to spot any fraudulent applications being made in your name.”
The Information Commissioner’s Office has been notified.