Important data security update
20 December 2023
What happened?
Wolverhampton Community Lottery is run on behalf of Wolverhampton Voluntary & Community Action by Gatherwell Limited (Gatherwell), who are a large, experienced and regulated lottery manager.
On Friday 1 December, Gatherwell were informed that a data breach had taken place. This impacted customers who had signed up for direct debit services on or before 8 November 2023. We now know that this breach was caused by a cyber attack against a third party organisation, London & Zurich (L&Z), which was appointed by Gatherwell to handle direct debit collections. Gatherwell’s lottery system was not impacted by the cyber attack.
If you do not pay for your lottery entries by direct debit, this data breach does not impact you.
What kind of data is affected?
The types of data impacted are full name, email address, billing address, phone number and bank account details (account number and sort code). No government-issued ID data (e.g. passport number, national insurance number) or payment card data was compromised as a result of the incident.
Is my data at risk?
Gatherwell has received assurances from L&Z that the affected data has been recovered, and steps have been taken to protect your data and prevent similar situations in the future.
There is no evidence that your data has been published, passed on to any third parties or misused in any way, however we recommend that you be extra vigilant about sharing your information with anyone, whether that be over the phone, by email or otherwise. We will only email you about Wolverhampton Community Lottery via our dedicated support email address: [email protected]
Both Wolverhampton Voluntary & Community Action, and Gatherwell have reported the incident to the Information Commissioner’s Office (ICO), who may carry out their own investigation.
I don’t play the lottery anymore. Why am I being told about this?
Direct debit payments are covered by the Direct Debit Guarantee, which protects you in case that a mistake is made when a payment is collected, for example if the wrong amount of money is taken from your bank account. This means that L&Z continues to hold your data after you have cancelled your direct debit so that it can handle refund claims under the Direct Debit Guarantee.
Do I need to change my password?
This incident is limited to L&Z’s direct debit processing system. Gatherwell’s lottery system was not impacted. As such, you do not need to change your password on the Wolverhampton Community Lottery website.
How will you keep my data safe in the future?
L&Z’s servers which host their direct debit system have been rebuilt in a new environment, which has been thoroughly tested for vulnerabilities by an external cyber security expert.
Whilst it is never possible to completely eliminate the risk of a cyber attack, L&Z has robust technical and security measures in place to guard against similar attacks in the future.
We take the safety of your information very seriously, and we sincerely apologise for any concern or inconvenience this incident may cause you.
Our causes are on track to raise £7,893.60 this year
253 tickets of our 3,050 ticket goal
More top stories
Giving Tuesday '23 is approaching!
Giving Tuesday is approaching, and it could be the perfect time to sign up to our community fundraising lottery! With no setup costs , and no hassle , you could unlock unlimited monthly fundraisi...
18 October 2023
Moving to 18+ is now complete
As we’re sure you’ve seen by now, the UK government has unveiled its long-awaited white paper titled "High Stakes: Gambling Reform for the Digital Age". This follows the government's revie...
02 October 2023
Our causes are on track to raise £7,893.60 this year
253 tickets of our 3,050 ticket goal