14 DAY TRIAL // About 450,000 subscribers to charity lotteries may have had their data compromised in a data breach, Dutch lotteries announced.
According to Dutch News, the BankGiro Loterij, Postcode Loterij, and VriendenLoterij are the three organizations that took out newspaper ads to alert players that a security breach had taken place. The vulnerability, they said, could give hackers access to the names, addresses, and emails of about 450,000 customers. The situation is even worse for 900 of these people where the data set also included bank details and the date of birth, which makes them extremely vulnerable to identity theft and bank fraud.
According to the lotteries, an IT specialist found the leak in the record keeping systems of a company responsible for distributing post to those who were lucky enough to win the prizes.
According to the contract the company had with the lotteries, the data was supposed to be deleted after eight days, but the company failed to do so. Therefore, when hackers hit, they stumbled upon the full database containing north of 450,000 records. Originally, it was believed the number was closer to 600,000, but the figure was revised after the leak was analyzed in depth.
So far, so good
Up until now, there is no indication that the personal details of the customers of these lotteries were shared publicly, but only time will tell if the hackers are planning to dump it all online, sell it on the black market, or try to make use of it on their own.
The company that was hacked and which is responsible for the data breach since it did not delete the data it had on so many customers has been fired by the three lotteries. After the contract was terminated, the computer system was also taken offline so an in-depth analysis could be performed.