Ohio Lottery Reveals Christmas Eve Cyberattack Impacted 539,000 Players

  • The Ohio Lottery has now sent a letter to all impacted parties
  • A ransomware group named DragonForce claimed responsibility
  • The Lottery didn’t discover any misuse of the data during its probe
Andrew O’Malley

System Hacked symbol
The Ohio Lottery has concluded its investigation into the Christmas Eve cyberattack that exposed the data of almost 539,000 players. [Image: Shutterstock.com]

Concluding its probe

The Ohio Lottery has finally lifted the lid on the cyberattack that happened on Christmas Eve now that it has concluded its investigation. It sent a letter to the 538,959 impacted players, informing them that hackers accessed their personal information, including full names and Social Security numbers.

the issue did not extend to the gaming network

The Ohio Lottery explained in the correspondence how it took immediate action to shut down its systems after becoming aware of the breach and got cybersecurity experts on board to investigate the matter. It confirmed that the issue did not extend to the gaming network itself, just the data of players.

The Ohio Lottery took a cautious approach in the immediate aftermath, only allowing prize payouts of less than $600 through the app or retailer stores. It wasn’t until January 10 that all of the temporary restrictions were no longer in place.

The party responsible

A ransomware group named DragonForce said it was responsible for the cyberattack, claiming that it accessed the information of players and employees. It revealed on January 22 that ransom negotiations with the Lottery were not satisfactory and that’s why it was going to leak 1.5 million records.

DragonForce has claimed responsibility for other high-profile ransomware attacks, including on Coca-Cola in Singapore and Yakult in Australia. The hackers try to extort money by locking companies out of their computers and data or by exfiltrating data from a company’s systems and threatening them with the release of it.

Commenting on unsuccessful discussions with the Ohio Lottery, DragonForce said that the state-run entity was “warned that people could suffer” and that the leak was the consequence of its negligence.

The findings

After looking into the breach for the past few months, the Lottery found that the ransomware group accessed the data of 538,000 players and not the 3 million it claimed. Investigators also couldn’t find any evidence that anyone had misused the data to date.

offering a year’s worth of identity theft protection and free credit monitoring

The Lottery is still offering a year’s worth of identity theft protection and free credit monitoring to the people impacted as a precautionary measure. It also provided some advice on how individuals can best protect their personal information going forward. The Lottery concluded the letter by apologizing for the incident and spoke about the measures it takes to protect its users.

Numerous other gambling-related entities suffered cyberattacks in 2023, including MGM Resorts International, Caesars Entertainment, and Aristocrat Leisure.

Leave a Reply

Your email address will not be published. Required fields are marked *

Other Related News

We use cookies on this site to enhance your user experience.
By clicking any link on this page, you are giving consent to our use of cookies.

Cookie Overview

VegasSlotsOnline uses cookies to enhance your experience as you navigate through the website. Some of these cookies are categorized as essential because they are essential for the working of the basic functionalities of the website. Essential cookies are stored on your browser. We also use third-party cookies that help us analyze and understand how you use this website. These are non-essential cookies and are stored on your browser only with your consent. You have the option to opt-out of non-essential cookies, but this may affect your browsing experience.

Necessary  (Always Enabled)

Essential cookies are absolutely essential for the website to function properly. This category only includes cookies that ensure the basic functionalities and security features of the website. These cookies do not store any personal information.

Non-Essential ( Enabled Disabled )

Any cookies that may not be particularly necessary for the website to function and are used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-essential cookies. It is mandatory to procure user consent prior to running these cookies on your website.