The United Kingdom’s National Lottery administrator, Camelot, experienced a digital security incident impacting approximately 26.5 million user profiles. Although Camelot oversees a total of 9.5 million accounts and identified the compromise on Monday, they minimized the impact, indicating they detected “questionable actions” on a limited number of profiles.
They assert only 50 accounts displayed activity following the incident, primarily involving modifications to user details, and were swift to mention this could be authorized actions by the account owners themselves.
While no funds were taken or placed into accounts, Camelot acknowledges some private information kept on the impacted profiles may have been accessed.
Camelot is reaching out to all affected account holders and is mandating password changes. It’s crucial to understand that the perpetrators could not penetrate the main National Lottery infrastructure or any repositories containing data about drawings or winnings.
The prevailing hypothesis is that participants reused email and password pairings that were previously breached on other platforms. Camelot is presently examining how the security event transpired.
admin