Cyber Incident Victim: Gatherwell Limited
Date: Nov 2023
Location: United Kingdom
Summary
A data breach impacted direct debit users of the Havant Borough Community Lottery, managed by Gatherwell Limited. The incident originated from a cyber attack targeting third-party payment processor London & Zurich, which handled direct debit collections for the lottery, while Gatherwell's own systems remained unaffected. Only supporters who enrolled in direct debit services before early November were compromised, with no exposure for participants using alternative payment methods.
Description
On December 1, 2023, Gatherwell Limited, the regulated lottery manager operating Havant Borough Community Lottery on behalf of Havant Borough Council, was notified of a data security incident. The breach specifically affected customers who had enrolled in direct debit payment services for the lottery on or before November 8, 2023. Investigations revealed the compromise originated from a cyber attack targeting London & Zurich (L&Z), a third-party payment processor contracted by Gatherwell to handle direct debit collections. Gatherwell confirmed its own lottery management systems remained unaffected by the intrusion. The attack vector and nature of unauthorized access to L&Z's systems were not disclosed in public communications.

The incident exclusively impacted individuals using direct debit payments for lottery entries, with no risk exposure for customers utilizing alternative payment methods. Havant Borough Council emphasized this distinction in its public notification, directing affected parties to a dedicated informational resource via hyperlink. No specifics regarding the compromised data categories—such as financial details, contact information, or personal identifiers—were disclosed. Similarly, the council’s communication did not quantify the number of affected customers or describe containment measures implemented by L&Z or Gatherwell. The public advisory focused on confirming the breach’s origin, delineating its scope, and directing impacted users to official channels for further guidance.
