Cyber Incident Victim: National Lottery

The National Lottery experienced a cybersecurity incident beginning on March 7, 2018, when attackers attempted unauthorized access to online player accounts using credential stuffing techniques. This method involved automated attempts to log in using email and password combinations previously leaked from other platforms and traded among fraudsters. Camelot, the lottery operator, detected suspicious activity through routine security monitoring, observing sporadic login attempts that initially blended with normal user behavior. The attack targeted an unspecified number of accounts within the lottery’s online platform, ultimately compromising approximately 150 accounts. Fewer than 10 of these breached accounts exhibited unauthorized activity, though Camelot confirmed no financial losses occurred for affected players. The incident unfolded days before a scheduled £14 million Euromillions draw, which proceeded without disruption.

Camelot responded by issuing a security notice to all 10.5 million registered online players, advising immediate password changes—particularly for those reusing credentials across multiple websites. The company suspended the 150 compromised accounts and directly contacted impacted users to assist with secure reactivation procedures. A public warning was posted on The National Lottery’s website under an "Important player notice" banner, acknowledging "suspicious activity on a very small number of players’ accounts." Camelot emphasized the attack’s limited scale, describing post-March 7 activity as "extremely low level" and "very sporadic." The operator attributed the breach’s partial success to credential stuffing’s prevalence, citing Akamai research indicating 43% of global login attempts during late 2017 involved credential abuse. No additional technical countermeasures or system compromises beyond the account intrusions were disclosed in the available reporting.