Ohio Lottery Cyberattack Compromised 538K Customers

Posted on: May 15, 2024, 10:12h. 

Last updated on: May 15, 2024, 10:20h.

The Ohio Lottery has admitted that the names and social security numbers of more than 538K customers were compromised in a cyberattack on Christmas Eve last year.

Oh dear! The Ohio Lottery (logo above) says that more than half a million customers have been affected by the actions of a shadowy group that calls itself “DragonForce.” (Image: Ohio Lottery)

In a regulatory filing, the lottery said it concluded its investigation into the attack on April 5, adding that there was no evidence the stolen data had been misused by any malicious actors. It didn’t attribute the attack to a group or individual.

However, on December 27, a ransomware group calling itself “DragonForce” claimed responsibility for the breach.

Dark Web Data Dump

DragonForce claimed it swiped 3 million records, or 600 GB worth of data, 94 GB of which the group said it had made available for download in CSV format on the dark web. It asserted that dates of birth and home addresses are included in the data dump, which appears to contradict the Ohio Lottery’s filing.

The December 24 attack caused significant disruption to the lottery, impacting its mobile cashing app and ability to process online prize claims exceeding $599, although players were still able to buy tickets.

In letters to the victims, the lottery apologized for the incident, adding that it was “committed to maintaining the privacy of personal information in our possession and have taken many precautions to safeguard it.”

“We continually evaluate and modify our practices and internal controls to enhance the security and privacy of your personal information,” it added.

The lottery said it has offered those affected 12 months of credit monitoring and ID theft protection.

What is DragonForce?

DragonForce appears to be a new threat actor, and the Ohio Lottery appears to have been its first victim. DragonForce has gone on to target Coca-Cola in Singapore and Yakult Australia.

In mid-March, the government of Palau, an island nation in the Western Pacific, was hit by a ransomware attack that knocked out its computer servers. DragonForce claimed responsibility, but so did another group, LockBit.

Like many other ransomware groups, DragonForce tries to extort money from its victims by locking companies out of their computers until a ransom is paid. Failing that, it blackmails the company by stealing data, which it threatens to release on the dark web.

DragonForce is apparently unrelated to the Malaysian pro-Palestine hacktivist group of the same name, whose attacks against government agencies in the Middle East are motivated by politics and not financial gain.