State officials have confirmed that hackers compromised the Ohio Lottery's computer systems in an attack that began last Christmas Eve.
The central lottery office announced through a press release:
We now have reason to believe that an unauthorized third party obtained access to information belonging to our customers and retailers.
While officials claim that none of the systems that run the state's games were penetrated, a group of cybercriminals allegedly stole the personal information, including social security numbers, names, emails, and addresses of over three million Ohio Lottery players and employees.
Cybersecurity event
A ransomware gang that goes by the name DragonForce has claimed credit for the attack, which compromised the Ohio Lottery's digital databases.
The hackers claim to have taken over 600 GB of data, including vast amounts of personal information from people who play or are associated with the Ohio Lottery.
They have posted several screenshots of their allegedly stolen information and are demanding a ransom not to release it, although some of the data has already been found online.
Other than their public criminal activities, little is known about this group, such as their nationality or number of members, but they have been implicated in several hacks in the past year.
Cashing in
Officials are doing their best to keep the lottery up and running, but some aspects of the system were shut down as experts try to protect the system and assess how it was hacked.
Because some of the Ohio Lottery's servers were taken offline, players could not cash in winning tickets worth more than $599 at casinos, racinos, and lottery ticket Super Retailers. Players could mail their tickets to the Ohio Lottery Central Office in Cleveland but would run the risk of losing them in the mail.
Tickets could also be redeemed through the Ohio Lottery's app, but some first-time users struggled to use it. 86-year-old Edward Riley told Cincinnati.com that it took him four hours to figure out how to operate the app, and because he is a first-time user, he had to wait another ten days to receive a direct deposit for his $1,000 ticket.
Fortunately, as of January 10, the affected servers were put back online, and players could cash their tickets in person again. However, as a result of the hack, the winning numbers for KENO, Lucky One, and the updated EZPLAY Progressive jackpots are not currently available.
In a press release, lottery officials claim that it is still safe to buy tickets and play games:
The integrity of our games is the top priority of the lottery, and we assure the public the gaming system is fully operational. We apologize for the inconvenience and are working as quickly as possible to restore all services.
Impact on players
While the gaming systems themselves are safe, the Ohio Lottery is currently analyzing its internal systems to determine all of the information that was compromised, and they have pledged to notify anyone who was affected and to provide them with credit protection services.
The lottery put out a press release stating:
While the investigation continues, we advise all our valued customers and retailers to exercise caution when it comes to their credit.
As officials continue to assess the impact of the hack, it would be advisable to monitor your credit reports with the three main credit agencies to determine if there is any suspicious activity.
Comments