Ohio Lottery's Cyberattack Exposed Data of 538,000 Players
The Ohio Lottery has acknowledged that information belonging to over 538,000 customers, including their names and Social Security numbers, was stolen in a cyberattack on Christmas Eve last year.
In a recent filing, the lottery revealed that its investigation into the incident ended on April 5, with no evidence found that the stolen data had been misused by any malicious individuals or groups. They didn't mention any specific group or individual behind the attack.
On December 27, a ransomware gang known as "DragonForce" claimed responsibility for the breach.
Leaked Data
Foreign media outlets reported that DragonForce managed to swipe 3 million records, amounting to 600GB of data. According to DragonForce, 94GB of that data was made available for download in CSV format on the dark web. The group asserted that this included customers' dates of birth and home addresses, which seems to contradict the Ohio Lottery's announcement.
This attack left the lottery's mobile cashing app and online prize claim processes severely impacted. However, customers could still buy lottery tickets.
The lottery issued letters of apology to those affected, and stated their commitment towards preserving the privacy of their customers' personal information. They also declared that they are constantly assessing and improving their security measures.
To help those affected, the lottery offered them 12 months of credit monitoring and identity theft protection services.
Who is DragonForce?
It seems that DragonForce is a new threat actor, and the victims appear to be the Ohio Lottery and, subsequently, Coca-Cola in Singapore and Yakult Australia.
In mid-March, the government of Palau, an island nation located in the Western Pacific, suffered a ransomware attack that caused their computer servers to go offline. DragonForce claimed responsibility, but so did another group, LockBit.
Similar to other ransomware gangs, DragonForce demands ransom money from their targets. If not paid, they coerce the company by publicizing the stolen data on the dark web.
DragonForce does not seem to be affiliated with the Malaysian pro-Palestine hacktivist group of the same name, whose attacks against government agencies in the Middle East are driven by ideology rather than financial gain.
Read also:
- The 15-year-old murderer admits to fatally shooting Francesco, who was 14.
- Schalke's pressure has affected Terodde.
- Columbia University Faces Possible Expulsion Following Demonstrations
- Football turmoil in Munich: Last-minute penalty stuns Bayern
Source: www.casino.org