Data of Sun website users stolen

  • Published
Lulz Security's spoof page
Image caption,

Visitors to the Sun's website were redirected to this spoof page

Thousands of people who entered competitions on The Sun website have been warned that their personal information may have been stolen.

The paper's publisher, News Group, said the data was taken when the site was hacked on 19 July.

Some of the details, including applications for the Miss Scotland contest, have been posted online.

The company said it had reported the matter to the police and the Information Commissioner.

News International, News Group's parent company, issued a statement that said: "We take customer data extremely seriously and are working with the relevant authorities to resolve this matter.

"We are directly contacting any customer affected by this."

Miss Scotland

The stolen information is believed to include names, addresses, dates of birth, email addresses and phone numbers.

No financial or password data was compromised, the company said.

A sampling of the stolen details was posted on the document sharing site Pastebin.

The file contained the names and mobile numbers of 14 applicants to the 2010 Miss Scotland contest.

It also included lengthy biographies written by the women, outlining why they should be selected.

One entrant, who did not want to be named, told BBC News: "I'm not happy at all. I'm kind of worried - because that's everything about me.

"[This data] should have been locked up, this was last year's, so they didn't need to keep my details."

Lulz connection

The original hack on The Sun's website resulted in anyone trying to access it being redirected to a bogus news story about Rupert Murdoch's death.

Hacktivist group Lulz Security (LulzSec) claimed responsibility for the attack. At the time, it was thought to be limited to vandalism.

LulzSec has not offered any comment on the latest developments and its Twitter account has been silent since 28 July when its alleged spokesman was arrested.

However, another Twitter user called Batteye appeared to be the source of the information on the data breach.

In one message, they wrote: "I'm not really with anonymous... but then again I sort of am, aren't I?", referring to the LulzSec affiliated group Anonymous.