UK National Lottery Community Fund data breach impacts grant applicants

Distributor of funding to good causes is quiet on nature of breach and number of potential victims

The UK National Lottery Community Fund has reported a data breach exposing the sensitive personal data, including bank account information, of grant holders and applicants.

The National Lottery Community Fund distributes funds raised by National Lottery ticket sales to various good causes, awarding more than £588 million ($807 million) to 8,189 community projects in 2019 and 2020.

Catch up on the latest data breach news and analysis

“The breach relates to data provided to us between September 2013 and December 2019 by UK Portfolio, England funding and Building Better Opportunities customers,” said the public body in a data breach notice posted yesterday (July 22).

Anyone who has submitted grant applications via National Lottery funding programs for Northern Ireland, Scotland, and Wales are not affected by the breach, it added.

The compromised data was submitted both during grant applications and by existing grant holders supplying additional information.

The organization did not indicate how the breach occurred or how many victims might be involved.

Exposed data

The National Lottery Community Fund said exposed data includes names, physical addresses, email addresses, landline and mobile numbers, dates of birth, bank account details, and applicant organizations’ addresses and websites.

The organization emphasized that bank account PINs, passwords, and bank card details were not involved since it does not collect such details.

DEEP DIVE Cybersecurity for charities: How to protect your non-profit from cyber-attacks

“This is an ongoing investigation however, and other personal data may be affected – we will update our website if this is confirmed,” it added.

The National Lottery Community Fund said it has reported the incident to the Information Commissioner’s Office (ICO).

Advice, apologies

Anyone who thinks they may be affected has been urged to consider updating passwords for their online accounts, and watch out for phishing emails or phone calls, and fraudulent activity on their bank accounts.

“We are sorry for the worry and inconvenience this may cause,” said the National Lottery Community Fund.

“This is the first time we have reported a data breach to the ICO. We have a long track record of serving communities and our grant holders efficiently and securely – we have made a mistake here, and we want to reassure grant holders that we are taking this incident seriously and are committed to learning and improving from it.”

The Daily Swig has put additional questions to the National Lottery Community Fund. We will update the article accordingly should we receive replies.

RELATED Italian hosting firm Aruba.it defends data breach notification delay