[BreachExchange] Details of some 450,000 Dutch lottery players accessible to hackers

Audrey McNeil audrey at riskbasedsecurity.com
Mon Apr 3 18:35:43 EDT 2017


http://nltimes.nl/2017/04/03/details-450000-dutch-lottery-players-accessible-hackers

The Dutch National Charity Lotteries issued an apology because a data leak
resulted in details of 450 thousand players being accessible to hackers.
About 900 players' bank account numbers were also visible. This involves
participants of the Nationale Postcode Loterij, VriendenLoterij and the
Bank Giro Loterij, NU.nl reports.

The Lotteries' apology was published as an advertisement in several
newspapers. The ad states that details of 600 thousand players were leaked.
But a spokesperson told NU.nl that further investigation revealed that only
450 thousand players were affected. "We had to send in the ad on Friday
already, but further investigation showed over the weekend that there were
several duplicate accounts."

Due to the leak, hackers had access to players' names, addresses, phone
numbers and dates of birth. The leak was noticed by security investigator
Ndevnull. He managed to get into the servers of OpenOfferte, one of the
Lotteries' suppliers. OpenOfferte sends letters notifying players of
prizes they won on behalf of the lottery.

The Lotteries cut ties with OpenOfferte and the vulnerable computer systems
were disabled. This may mean that lottery winners will get their prizes
later than usual, but the lotteries guarantee that all prizes will be sent.

The data leak was also reported to the Personal Data Authority, as is
required by law. The persons whose details were leaked were informed. The
Lotteries stress that there is no indication that the data is on the
streets. As far as can be determined so far, only Ndevnull accessed the
data.