A data breach at the National Lottery Community Fund (NLCF) was caused when two disks of personal data went missing, the funder has revealed.
NLCF last month warned that charities could be targeted by fraudsters, after it became aware that six years of personal data had been affected by a breach, including individual names, dates of birth and bank details.
The funder opened an investigation into the breach and reported itself to the information watchdog.
In an update posted on its website at the end of last week, NLCF said: “We can now confirm that the data breach is due to two unencrypted disks being identified as missing from a secure, access-controlled location on our premises.
“Unfortunately, despite best efforts, we are unable to confirm whether they are lost, stolen or destroyed.”
The statement added: “We are sorry for any worry this may cause, and want to assure all our grant holders, past, present and future, that we take your personal data seriously.”
The disks included data provided by charities which had applied to its UK Portfolio, England funding and Building Better Opportunities programmes between 2013 and 2019.
NLCF said that the data includes “contact details (name, address, email and land and mobile numbers), date of birth, bank details (name of bank account, sort code and account number) and the applicant organisation’s address and website”.
Still establishing details
NLCF also acknowledged that it was still working to confirm whose data had been compromised.
In a new section added to the question-and-answer section of their website, addressing whether NLCF would contact people affected by the breach, the funder said: “We are working hard to try to establish more details.
“If it becomes possible to pinpoint exactly whose information is involved, we will contact them. At the moment that is not the case.”