Connect with us

Hi, what are you looking for?



Ohio Lottery Hit by Ransomware, Hackers Claim Theft of Employee and Player Data

The DragonForce ransomware group has taken credit for the Ohio Lottery hack, claiming to have stolen millions of data records.

The Ohio Lottery has confirmed being targeted in a cyberattack and a ransomware group claims to have stolen a significant amount of information from the organization’s systems.

The Ohio state lottery informed customers on its website that it has experienced a “cybersecurity event”. The organization assured the public that its gaming system is fully operational, but said it decided to shut down some key systems to contain the incident. 

Tickets can still be purchased, but winning numbers and jackpots for some games are not available on the Ohio Lottery website and mobile app. In addition, the mobile cashing app and Super Retailer locations are not cashing prizes greater than $599 as a result of the incident. 

A seemingly new ransomware group named DragonForce took credit for the attack on December 27. 

The hackers claim to have stolen more than 600 Gb of data from the Ohio Lottery, including databases storing over three million records associated with employees and players. The data allegedly includes names, email and postal addresses, winnings, dates of birth, and social security numbers. 

The cybercriminals published several screenshots to demonstrate their claims. They are threatening to make all the stolen data public in three days, suggesting that the Ohio Lottery is not willing to pay the demanded ransom. 

DragonForce’s leak website currently lists 21 victims. The group has become one of the most active ransomware gangs. 

Related: Ransomware Group Claims 100 Gb of Data Stolen From Nissan

Related: BlackCat Strikes Back: Ransomware Gang “Unseizes” Website, Vows No Limits on Targets

Advertisement. Scroll to continue reading.

Related: Inmate, Staff Information Stolen in Rhode Island Prison Data Breach

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.


Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Learn about active threats targeting common cloud deployments and what security teams can do to mitigate them.


Join us for an in depth exploration of the critical nature of software and vendor supply chain security issues with a focus on understanding how attacks against identity infrastructure come with major cascading effects.


Expert Insights

Related Content


The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.


Satellite TV giant Dish Network confirmed that a recent outage was the result of a cyberattack and admitted that data was stolen.


A SaaS ransomware attack against a company’s Sharepoint Online was done without using a compromised endpoint.


Several major organizations are confirming impact from the latest zero-day exploits hitting Fortra's GoAnywhere software.

Data Breaches

Sony shares information on the impact of two recent unrelated hacker attacks carried out by known ransomware groups. 

Data Breaches

KFC and Taco Bell parent company Yum Brands says personal information was compromised in a January 2023 ransomware attack.


Alphv/BlackCat ransomware group files SEC complaint against MeridianLink over its failure to disclose an alleged data breach caused by the hackers.

Management & Strategy

Industry professionals comment on the recent disruption of the Hive ransomware operation and its hacking by law enforcement.