Serious data breach of charities’ information suffered by the National Lottery Community Fund

Leading data breach lawyers say that the recent announcement by the National Lottery Community Fund (NLCF), that they had suffered a data breach of personal data contained in funding applications, is likely to lead to substantial claims for compensation by the individuals and organisations affected.

In their statement, NLCF state that the breach relates to information provided to them as part of applications made to their UK Portfolio, England funding and Building Better Opportunities programmes between September 2013 and December 2019. Information provided outside these dates or to their Northern Ireland, Scotland and Wales funding programmes were not affected.

NLCF confirm that the personal data affected includes:

• Contact details including name, address, email and land and mobile numbers;
  date of birth
• Bank details including name of bank account, sort code and account number (but does not include bank account PINs, passwords or bank card details)
• Organisation’s address and website

NLCF state that their investigations are continuing and that other personal data may be affected but provide no further details.

NLCF then advise those who consider that they may be affected to consider updating the passwords on their accounts, looking out for phishing emails or fraudulent activity on their bank accounts and consider running credit checks against the names and addresses provided to enable them to spot any fraudulent applications being made. For those with concerns, they have provided a Helpline telephone number (0345 4 10 20 30) and dedicated email address data.breach@tnlcommunityfund.org.uk.

If you think you have been affected and would like to find out more information about a potential claim, please fill in our form.

Please be assured that we treat all personal data in accordance with our privacy policy.

Compensation

Sean Humber, a data breach specialist at Leigh Day, who has successfully acted in a series of claims for those suffering the unauthorised disclosure of their personal information over the last 20 years, stated:

“Only limited information has been provided so far in relation to this data breach. However, on the face of it, this seems a serious incident given that those affected’s bank account details have been disclosed.

“Sadly, the NLCF’s failure to keep this information safe is likely to represent a breach of the duty of confidence they owe to those affected and a misuse of their private information as well as being a breach of the NLCF’s obligations under General Data Protection Regulation (GDPR).

"As such, those affected, are likely to be entitled to compensation for the loss of control over this information, the distress and anxiety caused by the breach as well as any financial losses that they may have suffered. Furthermore, given that the data breach includes financial information, this compensation could be significant.

“It is important to remember that these claims for compensation would be entirely separate from any regulatory fine that the NLCF may now face from the Information Commissioner’s Office if it is found that they have breached the GDPR.”

Gene Matthews, a data breach solicitor at Leigh Day, who has successfully acted in a succession of group claims over the last 15 years, added:

“This is likely to be an uncertain and worrying time for those affected. It is important that the NLCF keep those affected fully updated about the breach, including what happened, who was responsible, what personal information has been accessed and whether there is any evidence that it has been published further. In the meantime, they must also pay for those potentially affected to purchase identity theft and fraud monitoring protection.”

If you have been affected by this data breach and wish to receive more information about bringing a claim for compensation on a “no win, no fee” basis then please get in touch by completing our form.