The Dutch National Charity Lotteries issued an apology because a data leak resulted in details of 450 thousand players being accessible to hackers. About 900 players’ bank account numbers were also visible. This involves participants of the Nationale Postcode Loterij, VriendenLoterij and the Bank Giro Loterij, NU.nl reports.
The Lotteries’ apology was published as an advertisement in several newspapers. The ad states that details of 600 thousand players were leaked. But a spokesperson told NU.nl that further investigation revealed that only 450 thousand players were affected. “We had to send in the ad on Friday already, but further investigation showed over the weekend that there were several duplicate accounts.”
Due to the leak hackers had access to players names, addresses, phone numbers and dates of birth. The leak was noticed by security investigator Ndvenull. He managed to get into the servers of OpenOfferte, one of the Lotteries’ suppliers. OpenOfferete sends letters notifying players of prizes they won on behalf of the lottery.
The Lotteries cut ties with OpenOfferte and the vulnerable computer systems were disabled. This may mean that lottery winners will get their prizes later than usual, but the lotteries guarantee that all prizes will be sent.
The data leak was also reported ot the Personal Data Authority, as is required by law. The persons whose details were leaked were informed. The Lotteries stress that there is no indication that the data is on the streets. As far as can be determined so far, only Ndevnull accessed the data.