The Ohio Lottery was hit by a cyberattack last Christmas Eve.
That attack left more than 538,000 players and their personal data compromised.
A regulatory filing by the Ohio Lottery disclosed just how many individuals were impacted.
Along with player data being accessed, the lottery was unable to pay out instant win tickets or lottery draw games with prizes of $600 or more at the time.
Ohio Lottery provides complimentary services for cyberattack victims
According to The Register, the Ohio Lottery concluded its investigation on April 5. It reported that 538,959 individuals had their names and Social Security numbers exposed in the attack.
Ransomware group DragonForce has claimed responsibility for the attack. It has said it leaked the stolen data online.
Though there is no indication of misuse of the stolen data, the Ohio Lottery had to take action.
It has offered all individuals impacted 12 months of complimentary credit monitoring and identity theft protection.
In a letter to victims of the attack, the Ohio Lottery stressed efforts toward making sure their information was safe:
“We continually evaluate and modify our practices and internal controls to enhance the security and privacy of your personal information.”
DragonForce claims to have taken 1.5 million records and 94 GB worth of data. However, at the time of the initial hack, it mentioned having three million records with home addresses and account history.
Data breach affected retail prize delivery
Though the Ohio Lottery never confirmed the source of the attack, DragonForce took credit soon after.
Along with the data breach, winners of $600 or more were temporarily unable to cash out their winning tickets at the time. The Ohio Lottery said the attack didn’t impact its game systems and that players could safely purchase tickets despite the attack:
“The integrity of our games is the top priority of the Lottery, and we assure the public the gaming system is fully operational. We apologize for the inconvenience and are working as quickly as possible to restore all services.”
DragonForce was seeking to extort the Ohio Lottery for money. When that was unsuccessful, it began to leak CSV files that it claimed contained the stolen information.