About 26,500 National Lottery accounts have been accessed by hackers, according to its operator Camelot.
The company says they've recorded "suspicious activity" on a small proportion of the 9.5 million players registered online, indicating that people's login details, such as email and passwords, may have been stolen from other websites.
Camelot says hackers were not able to access "core National Lottery systems."
"We do not hold full debit card or bank account details in National Lottery players' online accounts and no money has been taken or deposited," Camelot said. "However, we do believe that this attack may have resulted in some of the personal information, that the affected players hold in their online account, being accessed."
Fewer than 50 accounts have been suspended since the cyber attack after their personal details were changed — though "some of these details may have been changed by the players themselves," Camelot said.
The firm is contacting the owners of the accounts believed to have been compromised and instructing them to change their passwords. "We'd like to reassure our customers that protecting their personal data is of the utmost importance to us," Camelot's statement added.
"We are very sorry for any inconvenience this may cause to our players and would like to encourage those with any concerns to contact us directly, so we can discuss it with them in more detail."