Important data security update
14 December 2023
Data security incident affecting East Hampshire Community Lottery supporters who pay by direct debit
East Hampshire Community Lottery is run on behalf of East Hampshire District Council by Gatherwell Limited (Gatherwell), who are a large, experienced and regulated lottery manager.
On Friday 1 December, Gatherwell were informed that a data breach had taken place. This impacted customers who had signed up for direct debit services on or before 8 November 2023. We now know that this breach was caused by a cyber attack against a third party organisation, London & Zurich (L&Z), which was appointed by Gatherwell to handle direct debit collections. Gatherwell’s lottery system was not impacted by the cyber attack.
If you do not pay for your lottery entries by direct debit, this data breach does not impact you.
What kind of data is affected?
The types of data impacted are full name, email address, billing address, phone number and bank account details (account number and sort code). No government-issued ID data (e.g. passport number, national insurance number) or payment card data was compromised as a result of the incident.
Is my data at risk?
Gatherwell has received assurances from L&Z that the affected data has been recovered, and steps have been taken to protect your data and prevent similar situations in the future.
There is no evidence that your data has been published, passed on to any third parties or misused in any way. However, we recommend that you be extra vigilant about sharing your information with anyone, whether that be over the phone, by email or otherwise. We will only email you about the East Hampshire Community Lottery via our dedicated support email address [email protected].
Both East Hampshire District Council and Gatherwell have reported the incident to the Information Commissioner’s Office (ICO), who may carry out their own investigation. We have also reported the incident to the Gambling Commission as a precautionary measure.
I don’t play the lottery anymore. Why am I being told about this?
Direct debit payments are covered by the Direct Debit Guarantee, which protects you in case a mistake is made when a payment is collected, for example, if the wrong amount of money is taken from your bank account. This means that L&Z continue to hold your data after you have cancelled your direct debit so that it can handle refund claims under the Direct Debit Guarantee.
Do I need to change my password?
This incident is limited to L&Z’s direct debit processing system. Gatherwell’s lottery system was not impacted. However, you may wish to change your password for the East Hampshire Community Lottery website as a precaution.
How will you keep my data safe in the future?
L&Z’s servers which host their direct debit system have been rebuilt in a new environment, which has been thoroughly tested for vulnerabilities by an external cyber security expert.
Whilst it is never possible to completely eliminate the risk of a cyber attack, L&Z has robust technical and security measures in place to guard against similar attacks in the future.
What should I do if I notice suspicious activity in my bank account?
In any event, we recommend that you notify your bank immediately if you notice any suspicious activity.
We take the safety of your information very seriously, and we sincerely apologise for any concern or inconvenience this incident may cause you.