The accounts of 26,500 National Lottery online players have been hacked, its operator has admitted.
Camelot’s own servers were not compromised. It said that hackers had used login details stolen elsewhere that worked because some people use the same password for multiple accounts.
In a statement the company said: “We don’t hold full debit card or bank account details in players’ online accounts and no money has been taken. However, we do believe this attack may have resulted in some personal information that affected players hold in their online account being accessed.
“Depending on what type of account a player has with us, data accessed could include name, contact details, date of birth, transaction history and account preferences and settings.”
Camelot said it was making the affected players reset their passwords and had suspended the accounts of about 50 people whose account details had been changed — although it wasn’t yet clear whether they were changed by the account owners or by hackers.
It stressed that the hackers had not accessed IT systems that could affect prize draws or payouts.
While the attackers haven’t accessed lottery players’ money, they may be able to use any personal information for fraud or other criminal activity.