Ohio Lottery Reveals Christmas Eve Cyberattack Impacted 539,000 Players

  • The Ohio Lottery has now sent a letter to all impacted parties
  • A ransomware group named DragonForce claimed responsibility
  • The Lottery didn’t discover any misuse of the data during its probe
System Hacked symbol
The Ohio Lottery has concluded its investigation into the Christmas Eve cyberattack that exposed the data of almost 539,000 players. [Image: Shutterstock.com]

Concluding its probe

The Ohio Lottery has finally lifted the lid on the cyberattack that happened on Christmas Eve now that it has concluded its investigation. It sent a letter to the 538,959 impacted players, informing them that hackers accessed their personal information, including full names and Social Security numbers.

the issue did not extend to the gaming network

The Ohio Lottery explained in the correspondence how it took immediate action to shut down its systems after becoming aware of the breach and got cybersecurity experts on board to investigate the matter. It confirmed that the issue did not extend to the gaming network itself, just the data of players.

The Ohio Lottery took a cautious approach in the immediate aftermath, only allowing prize payouts of less than $600 through the app or retailer stores. It wasn’t until January 10 that all of the temporary restrictions were no longer in place.

The party responsible

A ransomware group named DragonForce said it was responsible for the cyberattack, claiming that it accessed the information of players and employees. It revealed on January 22 that ransom negotiations with the Lottery were not satisfactory and that’s why it was going to leak 1.5 million records.

DragonForce has claimed responsibility for other high-profile ransomware attacks, including on Coca-Cola in Singapore and Yakult in Australia. The hackers try to extort money by locking companies out of their computers and data or by exfiltrating data from a company’s systems and threatening them with the release of it.

Commenting on unsuccessful discussions with the Ohio Lottery, DragonForce said that the state-run entity was “warned that people could suffer” and that the leak was the consequence of its negligence.

The findings

After looking into the breach for the past few months, the Lottery found that the ransomware group accessed the data of 538,000 players and not the 3 million it claimed. Investigators also couldn’t find any evidence that anyone had misused the data to date.

offering a year’s worth of identity theft protection and free credit monitoring

The Lottery is still offering a year’s worth of identity theft protection and free credit monitoring to the people impacted as a precautionary measure. It also provided some advice on how individuals can best protect their personal information going forward. The Lottery concluded the letter by apologizing for the incident and spoke about the measures it takes to protect its users.

Numerous other gambling-related entities suffered cyberattacks in 2023, including MGM Resorts International, Caesars Entertainment, and Aristocrat Leisure.

Leave a Reply

Your email address will not be published. Required fields are marked *