National Cyber Security Centre
Camelot UK Lotteries Incident
Camelot UK Lotteries and related NCSC Guidance.
Camelot UK Lotteries has confirmed an incident that they estimate affects around 26,500 online player accounts. They are in the process of contacting them all.
The National Cyber Security Centre (NCSC) has been working with the National Crime Agency (NCA) and Camelot UK Lotteries to investigate the incident.
A criminal investigation is now underway under the leadership of the National Crime Agency.
Due to the type of data involved our advice for National Lottery customers with online accounts is:
- Follow Camelot’s advice and ensure you reset the password on any service where you’ve used a similar password.
- If you are generally concerned, you can look on services like www.HaveIBeenPwnd.com to see if your username or email address has been involved in a breach. You should definitely take action if you are listed, but services like this are not 100% accurate.
- Users should always enable two factor authentication (also known as two step authentication or two step login) where services support it.
Even if you are not a Camelot customer but have used a service that’s previously reported a data breach, you should reset the password on every service where you’ve used a similar password.
Secondary fraud and phishing is sometimes enabled by a data breach. You should be aware of any attempted communication purporting to be from Camelot. Advice for individuals on how to create strong passwords can be found on Cyber Aware.
Advice for organisations
As the national authority on cyber security, the roles of the National Cyber Security Centre in an incident of this kind are to:
- Provide all possible support to law enforcement;
- Work with the company concerned to manage the incident and bring it to a conclusion;
- Investigate the root causes of the incident and factor in any lessons learned to future guidance and policy on cyber security.
In the case of cyber related attacks, it can, on certain occasions, take a significant period of time to understand the incident given the technical complexities involved. And it is vital that nothing is said publicly that could interfere with law enforcement inquiries.
Latest News from
National Cyber Security Centre
Diversity and inclusion in cyber security workforce revealed for the first time29/07/2020 11:15:00
NCSC vows to drive cross-sector improvement as joint report with KPMG reveals more to be done to improve experiences and opportunities.
NCSC announces Lindy Cameron as new CEO28/07/2020 16:15:00
Lindy Cameron has been announced as the new CEO of the National Cyber Security Centre.
Cyber innovators set on fast track to success28/07/2020 14:15:00
The NCSC welcomes 6 new start-up companies onto the Cyber Accelerator programme.
Alert: Potential legacy risk from malware targeting QNAP NAS devices27/07/2020 16:38:00
A joint NCSC and CISA alert detailing the legacy risk of the malware Qsnatch to QNAP NAS devices.
Defences tested as cyber attackers take aim at UK sports sector23/07/2020 14:15:00
New report on the cyber threat to sports organisations reveals a range of attacks by hackers.
UK and allies expose Russian attacks on coronavirus vaccine development17/07/2020 16:15:00
Joint advisory details APT29’s ongoing campaign to target organisations involved in COVID-19 vaccine development.
NCSC statement: cyber attack on Twitter17/07/2020 11:15:00
An NCSC statement on the reported attack on Twitter.
Government advances plans to boost security of smart products17/07/2020 08:12:00
New details on proposals to bring security requirements for smart devices into law.