Ohio Lottery Cyberattack Compromised 538K Customers

The Ohio Lottery has admitted that the names and social security numbers of more than 538K customers were compromised in a cyberattack on Christmas Eve last year.

Ohio Lottery, hack, DragonForce, ransomware, data-breach
Oh dear! The Ohio Lottery (logo above) says that more than half a million customers have been affected by the actions of a shadowy group that calls itself “DragonForce.” (Image: Ohio Lottery)

In a regulatory filing, the lottery said it concluded its investigation into the attack on April 5, adding that there was no evidence the stolen data had been misused by any malicious actors. It didn’t attribute the attack to a group or individual.

However, on December 27, a ransomware group calling itself “DragonForce” claimed responsibility for the breach.

Dark Web Data Dump

DragonForce claimed it swiped 3 million records, or 600GB worth of data, 94 GB of which the group said it had made available for download in CSV format on the dark web. It asserted that dates of birth and home addresses are included in the data dump, which appears to contradict the Ohio Lottery’s filing.

The December 24 attack caused significant disruption to the lottery, impacting its mobile cashing app and ability to process online prize claims exceeding $599, although players were still able to buy tickets.

In letters to the victims, the lottery apologized for the incident, adding that it was “committed to maintaining the privacy of personal information in our possession and have taken many precautions to safeguard it.”

“We continually evaluate and modify our practices and internal controls to enhance the security and privacy of your personal information,” it added.

The lottery said it has offered those affected 12 months of credit monitoring and ID theft protection.

What is DragonForce?

DragonForce appears to be a new threat actor, and the Ohio Lottery appears to have been its first victim. DragonForce has gone on to target Coca-Cola in Singapore and Yakult Australia.

In mid-March, the government of Palau, an island nation in the Western Pacific, was hit by a ransomware attack that knocked out its computer servers. DragonForce claimed responsibility, but so did another group, LockBit.

Like many other ransomware groups, DragonForce tries to extort money from its victims by locking companies out of their computers until a ransom is paid. Failing that, it blackmails the company by stealing data, which it threatens to release on the dark web.

DragonForce is apparently unrelated to the Malaysian pro-Palestine hacktivist group of the same name whose attacks against government agencies in the Middle East are motivated by politics and not financial gain.

Philip Conneller
Philip Conneller Senior Reporter

In Philip Conneller’s eight years with Casino.org, he has covered the gaming industry from Las Vegas to Macau and everything in between. He currently focuses his coverage on gaming law, white-collar crime, global money laundering, tribal gaming, politics, and regulation.

Philip was the original features editor for poker’s Bluff Magazine and editor for Bluff Europe, which he helped launch. His writing has also been featured in ESPN, Forbes, Time Out, The Sun, and The Daily Star, as well as iGaming Business, eGaming Review, and numerous other industry news and tech websites.

His news stories for Casino.org/news have been linked by The Washington Post, The Daily Mail, People Magazine, and Jimmy Fallon's Tonight Show, among many others.

Philip once won $20,000 with 7-2 off-suit. He has been reprimanded for unwittingly playing Elton John’s piano on two separate occasions on both sides of the Atlantic.

He became a writer because he is a lousy pianist.

Philip lives outside London with his wife and children, where he spends his time agonizing about Arsenal FC.

Contact Philip at philip.conneller@casino.org.

Comments icon

Conversation (1 comment)

+ Add a comment
  • S
    Samar July 24, 2024
    Ohio hacker bro!!!
    Reply

Write a comment

Your email address will not be published.