Distributor of funding to good causes is so far quiet on nature of breach and number of potential victims

UK National Lottery Community Fund data breach impacts grant applicants

UPDATED The UK National Lottery Community Fund has reported a data breach exposing the sensitive personal data, including bank account information, of grant holders and applicants.

The National Lottery Community Fund distributes funds raised by National Lottery ticket sales to various good causes, awarding more than £588 million ($807 million) to 8,189 community projects in 2019 and 2020.

Catch up on the latest data breach news and analysis

“The breach relates to data provided to us between September 2013 and December 2019 by UK Portfolio, England funding and Building Better Opportunities customers,” said the public body in a data breach notice posted yesterday (July 22).

Anyone who has submitted grant applications via National Lottery funding programs for Northern Ireland, Scotland, and Wales are not affected by the breach, it added.

The compromised data was submitted both during grant applications and by existing grant holders supplying additional information.

The organization did not indicate how the breach occurred or how many victims might be involved.

Exposed data

The National Lottery Community Fund said exposed data includes names, physical addresses, email addresses, landline and mobile numbers, dates of birth, bank account details, and applicant organizations’ addresses and websites.

The organization emphasized that bank account PINs, passwords, and bank card details were not involved since it does not collect such details.

DEEP DIVE Cybersecurity for charities: How to protect your non-profit from cyber-attacks

“This is an ongoing investigation however, and other personal data may be affected – we will update our website if this is confirmed,” it added.

The National Lottery Community Fund said it has reported the incident to the Information Commissioner’s Office (ICO).

Advice, apologies

Anyone who thinks they may be affected has been urged to consider updating passwords for their online accounts, and watch out for phishing emails or phone calls, and fraudulent activity on their bank accounts.

“We are sorry for the worry and inconvenience this may cause,” said the National Lottery Community Fund.

“This is the first time we have reported a data breach to the ICO. We have a long track record of serving communities and our grant holders efficiently and securely – we have made a mistake here, and we want to reassure grant holders that we are taking this incident seriously and are committed to learning and improving from it.”

A spokesperson from The National Lottery Community Fund told The Daily Swig: “Our priority here is to support customers. Due to the nature of the data involved it is highly unlikely that we will be able to identify specific customers.

“Given this we are sharing everything we know now that will help customers to understand whether they may be affected or not, as well as information on how those affected can protect themselves. We are still actively looking into it and will update our website as further information becomes available.”

This article was updated on July 23 with additional comments from the National Lottery Community Fund.

RELATED Italian hosting firm Aruba.it defends data breach notification delay