A major UK lottery organization says it has resolved a technical error that exposed customer data to other users.
People’s Postcode Lottery (PPL) subscribers briefly saw other players’ personal information when logging into the site on Monday. The exposed data included names, addresses, email addresses, and dates of birth.
According to forum posts, each time users refreshed their homepage, a different user’s details appeared.
PPL yanked the service offline within 17 minutes of discovering the issue on October 27, and all services were restored at 09:00 UTC on October 29. The company said a “technical error” caused the leak, with no evidence of external attack.
Last year PPL reported that 4.9 million people subscribed to its service, which sees Brits pay £12.25 (around $16) per month to be entered into a prize draw. An investigation after the glitch revealed that only 0.1 percent of the lottery’s players were affected.
All customers that were exposed have received email notifications and a year of free Experian credit monitoring.
“We are very sorry this happened,” it said. “We take our responsibility to our players extremely seriously and we can confirm that we have reported this issue to the Information Commissioner’s Office.”
“We are working to ensure an incident of this kind cannot happen again in future,” a company spokesperson added.
Instead of normal lottery numbers, PPL’s competition draws UK postcodes and all subscribers who reside in the selected postcode win a share of different prize pools.
PPL takes 30 percent of players’ ticket prices and gives the sum to good causes. It claims to have raised more than £1.5 billion ($1.9 billion) for 126 charities since 2005. ®