The National Lottery Community Fund has said that two missing unencrypted disks were the cause of the data breach that it warned charities about last month.
The grant-maker had said that more than six years’ worth of contact and bank details had potentially been exposed to fraud. It said the breach involved data provided to it between September 2013 and December 2019 by UK Portfolio, England funding and Building Better Opportunities customers.
It declined to confirm how many individuals or organisations were part of the breach, only that customers in its Northern Ireland, Scotland and Wales funding programmes were not affected.
It said the missing data included contact details (name, address, email and landline and mobile numbers), date of birth, bank details (name of bank account, sort code and account number) and the applicant organisation’s address and website.
In an update posted on the grant-maker’s website on Friday, the NLCF said: “We can now confirm that the data breach is due to two unencrypted disks being identified as missing from a secure, access-controlled location on our premises.
“Unfortunately, despite best efforts, we are unable to confirm whether they are lost, stolen or destroyed.”
It reiterated its apology to any organisations that might have been affected and said it wanted to reassure all grant-holders that it took dealing with personal data seriously.
It urged anyone who had concerns to call its England advice team helpline on 03454 102030 or email firstname.lastname@example.org.