Missing disks revealed as cause of National Lottery Community Fund data breach

The National Lottery Community Fund (NCLF) has revealed further details around a data breach that has been reported to the Information Commissioner’s Office.

The breach relates to data provided to the Fund between 2013 and 2019 involving information, including bank details of grant holders and those applying for awards.

The Fund has revealed that the breach is due to two encrypted disks “being identified as missing from a secure, access-controlled location on our premises”.

“Unfortunately, despite best efforts, we are unable to confirm whether they are lost, stolen or destroyed,” said the NLCF.

“We are sorry for any worry this may cause and want to assure all our grant holders, past, present and future, that we take your personal data seriously.”
Involved in the data breach is information relating to NLCF’s UK Portfolio, which looks at innovative approaches to supporting communities, England funding and Building Better Opportunities, which funds projects that tackle poverty and social inclusion.

Information includes those in the process of applying for a grant as well as existing grant holders.

Names, addresses, emails as well a phone and mobile numbers are among information involved.

Bank details, date of birth as well as website details are also included.

NLCF stresses that the breach does not involve bank account PINs, passwords or bank card details “as we do not collect them”.

The Fund’s statement adds: “This is an ongoing investigation however, and other personal data may be affected – we will update our website if this is confirmed.

“We are looking into the matter fully to understand what has happened, but we need to make any UK Portfolio, England funding or Building Better Opportunities customers who supplied this type of information to us during this date range aware that their data could be at risk.

“If you believe you may be affected, we urge you to consider updating the passwords on your accounts (ensuring you use strong, unique passwords), look out for phishing emails or fraudulent activity on your bank account and consider running a credit check against your name and address to enable you to spot any fraudulent applications being made in your name.”

    Share Story:

Recent Stories


Charity Times video Q&A: In conversation with Hilda Hayo, CEO of Dementia UK
Charity Times editor, Lauren Weymouth, is joined by Dementia UK CEO, Hilda Hayo to discuss why the charity receives such high workplace satisfaction results, what a positive working culture looks like and the importance of lived experience among staff. The pair talk about challenges facing the charity, the impact felt by the pandemic and how it's striving to overcome obstacles and continue to be a highly impactful organisation for anybody affected by dementia.
Charity Times Awards 2023

Mitigating risk and reducing claims
The cost-of-living crisis is impacting charities in a number of ways, including the risks they take. Endsleigh Insurance’s* senior risk management consultant Scott Crichton joins Charity Times to discuss the ramifications of prioritising certain types of risk over others, the financial implications risk can have if not managed properly, and tips for charities to help manage those risks.

* Coming soon… Howden, the new name for Endsleigh.