A data breach at the National Lottery Community Fund has left more than six years of contact and bank details exposed to fraudulent behaviour.
The grant-giver has apologised after data provided to it between September 2013 and December 2019 by UK Portfolio, England funding and Building Better Opportunities customers was breached.
The NLCF declined to confirm how the breach occurred or how many individuals or organisations were affected, only that customers in its Northern Ireland, Scotland and Wales funding programmes were unaffected.
It said that by customers, it meant those who were in the process of applying for a grant as well as existing grant-holders supplying information to it at the time.
The data includes contact details (name, address, email and landline and mobile numbers), date of birth, bank details (name of bank account, sort code and account number) and the applicant organisation’s address and website.
It said it did not include bank account PINs, passwords or bank card details, because it did not collect that information.
But the NLCF said that as it is an ongoing investigation other personal data might be affected and it would update its website once it had confirmation.
In a statement, it said: “We are looking into the matter fully to understand what has happened, but we need to make any UK Portfolio, England funding or Building Better Opportunities customers who supplied this type of information to us during this date range aware that their data could be at risk.
“We are sorry for the worry and inconvenience this may cause and want to assure all our grant-holders, past, present and future, that we take your personal data seriously.
“We will be working to ensure that our standards going forward are what you would expect.”
The grant-giver has reported the data breach to the Information Commissioner’s Office.
Customers that believe they could be affected are being urged to update the passwords on their accounts, look out for phishing emails or fraudulent activity on their bank account and consider running a credit check against their name and address to help identify any fraudulent applications being made in their name.
The NLCF said it had set up a dedicated email address for organisations that wanted to know more about how the breach might affect them.