An ICO spokesperson said:

“We are aware of this incident and we have launched an investigation.  Camelot submitted a breach report to us last night which we have reviewed. We will be talking to Camelot today.

“The Data Protection Act requires organisations to do all they can to keep personal data secure – that includes protecting it from cyber attacks. Where we find this has not happened, we can take action. Organisations should be reminded that cyber security is a matter for the boardroom, not just the IT department.”