Dutch charity lotteries apologize for exposing player data

TAGs: Nederlandse Loterij, Netherlands, Nyx Gaming

dutch-charity-lottery-player-data-exposedOnline gambling technology supplier NYX Gaming Group has inked a long-term deal with the Netherlands’ newly formed national lottery operator.

On Monday, NYX announced it had been selected as the new platform provider for Nederlandse Loterij, the entity formed last April via the merger of De Lotto and Nederlandse Staatloterij. The NYX Open Platform System will act as a player management system, handling all lottery and sports betting products through retail and digital channels.

Nederlandse Loterij, which encompasses such brands as Staatsloterij, Lotto, Toto, Eurojackpot, Miljoenenspel, Lucky Day and Kraslote, will also benefit from the use of NYX’s Open Gaming System, as well as full support and maintenance.

In less positive news, three Dutch charity lotteries have been forced to take out newspaper advertisements apologizing to some 450k customers whose personal data was left unprotected due to a third-party online security vulnerability.

The BankGiro Loterij, Postcode Loterij and Vrinden Loterij said an IT specialist identified as ‘Ndvenull’ had discovered that OpenOfferete, the company tasked with sending letters to customers alerting them that they’ve won a lottery prize, had failed to delete these winners’ personal details after eight days, as the company’s contract stipulated.

The company’s contract has since been terminated and the servers have been taken offline, but the lotteries estimated that hackers could have accessed the names, addresses, phone numbers and email addresses of roughly 450k customers, while an unlucky 900 customers also had their banking details exposed.

The lotteries have set up a hotline to respond to customer questions regarding the incident, which has also been reported to the Personal Data Authority, as required by Dutch law. However, the lotteries stressed that at this point there’s no evidence that the data was accessed by anyone other than the security firm that originally detected the vulnerability.


views and opinions expressed are those of the author and do not necessarily reflect those of