Personal details linked to thousands of charities could be at risk following a data breach at the National Lottery Community Fund (NLCF).
The data includes the names, dates of birth and bank details of people who applied for funds from NLCF’s UK portfolio, England funding or Building Better Opportunities programme between September 2013 and December 2019.
NLCF did not disclose details of how the breach occurred, but said that an investigation was ongoing and that it was “too early to say” how many individuals may be affected. The programmes concerned receive thousands of applications every year.
The funder has reported itself to the Information Commissioner's Office and urged people to watch out for fraudulent activity on their bank accounts or phishing emails. It could not rule out the possibility that other personal data had been affected.
NLCF has also set up a dedicated email address and phone number for anyone with concerns or questions, and apologised to everybody affected.
In a statement posted online on Thursday afternoon, NLCF said it had become aware of a breach relating “to data provided to us between September 2013 and December 2019 by UK Portfolio, England funding and Building Better Opportunities customers”.
Applicants to NLCF programmes in Northern Ireland, Scotland and Wales are not affected.
The statement continued: “By customers we mean those who were in the process of applying for a grant as well as existing grant holders supplying information to us at that time.
“The data includes contact details (name, address, email and land and mobile numbers), date of birth, bank details (name of bank account, sort code and account number) and the applicant organisation’s address and website. It does not include bank account PINs, passwords or bank card details as we do not collect them.
“This is an ongoing investigation however, and other personal data may be affected. We will update our website if this is confirmed.”
When asked how many individuals had been affected, an NLCF spokesperson said the funder is “still investigating so it’s simply too soon to say”, and stressed that their priority was alerting customers quickly so that they could protect themselves if necessary.
Warning about fraud
NLCF advised charities to change their passwords and be extra vigilant about potential fraud.
The statement added: “We are looking into the matter fully to understand what has happened, but we need to make any UK Portfolio, England funding or Building Better Opportunities customers who supplied this type of information to us during this date range aware that their data could be at risk.
“If you believe you may be affected, we would urge you to consider updating the passwords on your accounts (ensuring you use strong, unique passwords), look out for phishing emails or fraudulent activity on your bank account and consider running a credit check against your name and address to enable you to spot any fraudulent applications being made in your name.”
Applicants with further concerns have been urged to call NLCF’s England Advice Team helpline or use the dedicated email address.
NLCF said: “We are sorry for the worry and inconvenience this may cause and want to assure all our grant holders, past, present and future, that we take your personal data seriously.
“We will be working to ensure that our standards going forward are what you would expect.
“We know that you will be keen to understand whether your personal information is involved or not.”