Camelot, who run the National Lottery, have confirmed in a statement that some customer accounts may have been accessed by cyber criminals.
Camelot said in an online statement: “We are currently taking all the necessary steps to fully understand what has happened, but we believe that the email address and password used on the National Lottery website may have been stolen from another website where affected players use the same details.”
The National Cyber Security Centre (NCSC) has been working with the National Crime Agency (NCA) and Camelot Group to investigate the incident. A criminal investigation is now underway under the leadership of the National Crime Agency.
What to do if you are affected?
- Follow Camelot’s advice and ensure you reset the password on any service where you have used a similar password. Use three words which mean something to you but are random to others - this creates a password that is strong and more memorable.
- Be very wary of emails or text messages purporting to come from Camelot, particularly if they prompt you to click any links, download any attachments or give out any personal information. Camelot are contacting those affected, but if you are in doubt and want to check their authenticity, get in contact with them on their verified Twitter account or website.
- If you have fallen victim to fraud or need advice on what to do if your account has been compromised, contact Action Fraud.
- If you are generally concerned, you can look on services like HaveIBeenPwnd.com to see if your username or email address has been involved in a breach. You should definitely take action if you are listed, but services like this are not 100% accurate
- Consider enabling two factor authentication (also known as two step authentication or two step login) where services support it.
- For additional online safety advice visit Get Safe Online and Cyber Aware.