Connect with us

Hi, what are you looking for?


Data Breaches

500,000 Impacted by Ohio Lottery Ransomware Attack

The Ohio Lottery cyberattack conducted by the DragonForce ransomware group has impacted more than 500,000 individuals.

The Ohio Lottery cyberattack conducted last year by a ransomware group has impacted more than half a million individuals, the lottery said this week.

The incident came to light in late December 2023, after the Ohio Lottery announced shutting down some systems in an effort to contain the breach. 

At around the same time, a seemingly new ransomware group named DragonForce took credit for the attack.  

The hackers have since made available more than 90 Gb of files (in .bak backup format) allegedly stolen from the Ohio Lottery. They claim to have obtained more than 1.5 million records of employee and player information, including names, email and postal addresses, winnings, dates of birth, and social security numbers.  

It’s worth noting that the ransomware group initially claimed to have stolen 3 million records.

The Ohio Lottery told the Maine Attorney General on Thursday that roughly 538,000 individuals are impacted. The report sent to the AG and the letter sent to impacted individuals confirms that full names and social security numbers have been compromised.

The organization says it has no evidence that the stolen information has been or will be misused, but it has decided to offer free credit monitoring and identity theft protection services to impacted individuals. 

The DragonForce leak website currently names more than 40 victims from around the world. 

Cyble reported recently that it had found a DragonForce ransomware binary based on LockBit Black ransomware, suggesting that DragonForce used a leaked LockBit Black builder to generate its binary. 

Advertisement. Scroll to continue reading.

Related: City of Wichita Shuts Down Network Following Ransomware Attack

Related: Brandywine Realty Trust Hit by Ransomware 

Related: LockBit Takes Credit for City of Wichita Ransomware Attack

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.


Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join the session as we discuss the challenges and best practices for cybersecurity leaders managing cloud identities.


SecurityWeek’s Ransomware Resilience and Recovery Summit helps businesses to plan, prepare, and recover from a ransomware incident.


People on the Move

Digital executive protection services provider BlackCloak has appointed Ryan Black as CISO.

Joe Levy has been appointed Sophos' permanent CEO, and Jim Dildine has been named the company's CFO.

CISA executive assistant director for cybersecurity Eric Goldstein is leaving the agency after more than three years.

More People On The Move

Expert Insights

Related Content


The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.

Data Breaches

OpenAI has confirmed a ChatGPT data breach on the same day a security firm reported seeing the use of a component affected by an...


Zendesk is informing customers about a data breach that started with an SMS phishing campaign targeting the company’s employees.


A SaaS ransomware attack against a company’s Sharepoint Online was done without using a compromised endpoint.


Satellite TV giant Dish Network confirmed that a recent outage was the result of a cyberattack and admitted that data was stolen.

CISO Strategy

Okta is blaming the recent hack of its support system on an employee who logged into a personal Google account on a company-managed laptop.

Data Breaches

LastPass DevOp engineer's home computer hacked and implanted with keylogging malware as part of a sustained cyberattack that exfiltrated corporate data from the cloud...

Data Breaches

Sony shares information on the impact of two recent unrelated hacker attacks carried out by known ransomware groups.