[BreachExchange] Data breach at National Lottery Community Fund is due to missing disks

Sophia Kingsbury sophia.kingsbury at riskbasedsecurity.com
Tue Aug 3 11:21:02 EDT 2021 

https://www.civilsociety.co.uk/fundraising/data-breach-at-national-lottery-community-fund-resulted-from-missing-disks.html

A data breach at the National Lottery Community Fund (NLCF) was caused when
two disks of personal data went missing, the funder has revealed.

NLCF last month warned that charities could be targeted by fraudsters,
after it became aware that six years of personal data had been affected by
a breach, including individual names, dates of birth and bank details.

The funder opened an investigation into the breach and reported itself to
the information watchdog.

Unencrypted disks

In an update posted on its website at the end of last week, NLCF said: “We
can now confirm that the data breach is due to two unencrypted disks being
identified as missing from a secure, access-controlled location on our
premises.

“Unfortunately, despite best efforts, we are unable to confirm whether they
are lost, stolen or destroyed.”

The statement added: “We are sorry for any worry this may cause, and want
to assure all our grant holders, past, present and future, that we take
your personal data seriously.”

Personal details

The disks included data provided by charities which had applied to its UK
Portfolio, England funding and Building Better Opportunities programmes
between 2013 and 2019.

NLCF said that the data includes “contact details (name, address, email and
land and mobile numbers), date of birth, bank details (name of bank
account, sort code and account number) and the applicant organisation’s
address and website”.

Still establishing details

NLCF also acknowledged that it was still working to confirm whose data had
been compromised.

In a new section added to the question-and-answer section of their website,
addressing whether NLCF would contact people affected by the breach, the
funder said: “We are working hard to try to establish more details.

“If it becomes possible to pinpoint exactly whose information is involved,
we will contact them. At the moment that is not the case.”
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.riskbasedsecurity.com/pipermail/breachexchange/attachments/20210803/4e5daf28/attachment.html>

More information about the BreachExchange mailing list