The company maintained that its internal systems were not breached, but rather that player login details had been stolen from other sources. Suspicious activities, involving fewer than 50 accounts, were noted on the compromised profiles.

It’s important to understand that The National Lottery does not store full debit card or bank account information within players’ online accounts; therefore, no monetary transactions occurred as a result of these incidents.

In response to this matter, the Information Commissioner’s Office has initiated an investigation. Camelot is currently reaching out to affected account holders and advising them to update their passwords immediately.

Regarding recent security breaches targeting the UK public, James Romer, Chief Security Architect for EMEA at SecureAuth Corporation, commented: This breach is part of a series that includes incidents involving Three Mobile and Deliveroo within just one month. While improving personal cybersecurity by avoiding password reuse and using a password manager can significantly enhance an individual’s security stance, today’s event emphasizes the urgent need to fortify access controls.

For too long, organizations have relied solely on passwords as their primary method of authentication, which is no longer sufficient or secure enough to safeguard critical applications and data. Thankfully, in this case, no financial information was compromised. However, it serves as a crucial reminder for businesses to enhance their defenses against cyber threats through the use of advanced adaptive authentication solutions.”