Ohio Lottery Offers Protection To Over 500,000 Impacted By Data Breach

The Ohio Lottery was hit by a cyberattack last Christmas Eve.

That attack left more than 538,000 players and their personal data compromised.

A regulatory filing by the Ohio Lottery disclosed just how many individuals were impacted.

Along with player data being accessed, the lottery was unable to award instant win tickets or lottery draw games with prizes of $600 or more at the time.

Ohio Lottery provides complimentary services for cyberattack victims

According to The Register, the Ohio Lottery concluded its investigation on April 5. It reported that 538,959 individuals had their names and Social Security numbers exposed in the attack.

Ransomware group DragonForce is taking credit for the wrongdoing. It has said it leaked the stolen data online.

Though there is no indication of misuse of the stolen data, the Ohio Lottery had to take action.

It has offered all individuals impacted 12 months of complimentary credit monitoring and identity theft protection.

In a letter to victims of the attack, the Ohio Lottery stressed efforts toward making sure their information was safe:

“We continually evaluate and modify our practices and internal controls to enhance the security and privacy of your personal information.”

DragonForce claims credit for 1.5 million records and 94 GB worth of data. However, during the initial hack, it mentioned having three million records with home addresses and account history.

Data breach affected retail prize delivery

Though the Ohio Lottery never confirmed the source of the attack, DragonForce took credit soon after.

Along with the data breach, winners of $600 or more were temporarily unable to cash out their winning tickets at the time. The Ohio Lottery said the attack didn’t impact its game systems and that players could safely purchase tickets despite the attack:

“The integrity of our games is the top priority of the Lottery, and we assure the public the gaming system is fully operational. We apologize for the inconvenience and are working as quickly as possible to restore all services.”

DragonForce was seeking to extort the Ohio Lottery for money. When that was unsuccessful, it began to leak CSV files claiming to be the stolen information.

 

Photo by MMD Creative via Shutterstock
Graphic from the Ohio Lottery

About the Author

Drew Ellis

Drew Ellis

Lead Writer
A member of Catena Media since 2020, Drew Ellis is the Lead Writer at PlayiLottery, where he handles coverage of the online and retail lottery industry in the US. He previously spearheaded news content at PlayMichigan, where he covered one of the most prominent online lottery industries in the US — among the many other aspects of Michigan's sprawling iGaming market. You can email him at [email protected].
Back To Top