A devastating ransomware attack on the Ohio Lottery has exposed the personal information of more than 538,000 individuals.

The attack, which occurred on Christmas Eve 2023, compromised names, Social Security numbers, and other sensitive personal identifiers.

“On or about December 24, 2023, the Ohio Lottery detected unauthorized access to our internal office network as a result of a cybersecurity incident that resulted in the exposure of the data we maintain. The incident did not impact the gaming network,” the Ohio Lottery said.

“After an extensive forensic investigation and our manual document review, we learned on April 5, 2024 that certain files containing your personal information was subject to unauthorized access.”

While the Ohio Lottery has not publicly disclosed the specific nature of the attack, a ransomware gang known as “DragonForce” claimed responsibility in the days following the incident.

Buy Me A Coffee
Source: BleepingComputer

DragonForce alleges they encrypted devices and exfiltrated documents containing customer and employee data.

DragonForce says the 94 GB of leaked data contains only 1.500.000 records with Ohio Lottery clients’ names, Social Security numbers, and dates of birth.

24 Bugs in Chinese Biometric Devices Can Compromise Data