Cyber criminals appear to be using passwords and email addresses from previous breaches to gain access to 26,000 online UK National Lottery accounts. Camelot downplays significance of the incident – which didn t result in financial fraud but might nonetheless have exposed the personal details of thousands. The company locked down accounts, triggered compulsory password resets and contacted those affected directly. No money has been deposited or withdrawn from affected player accounts, Camelot said. The ICO said that the body has launched an investigation into the incident.
Source: https://www.theregister.com/2016/11/30/national_lottery_breach/