The Ohio Lottery disclosed this week that a cyberattack conducted by the ransomware group DragonForce last year has affected over half a million individuals. The breach, revealed in December 2023, led to the shutdown of certain systems by the Ohio Lottery to contain the incident. DragonForce claimed responsibility for the attack and released over 90 GB of allegedly stolen files, including more than 1.5 million records containing employee and player information such as names, email and postal addresses, winnings, dates of birth, and social security numbers. Although the group initially claimed to have taken 3 million records, the Ohio Lottery confirmed approximately 538,000 individuals were impacted, with compromised data including full names and social security numbers. While there is no evidence of misuse, the Ohio Lottery is offering free credit monitoring and identity theft protection services to those affected. The DragonForce leak website lists over 40 victims globally, and Cyble recently reported finding a DragonForce ransomware binary based on LockBit Black ransomware, implying the use of a leaked LockBit Black builder by DragonForce for generating its binary.
Read more: https://www.securityweek.com/500000-impacted-by-ohio-lottery-ransomware-attack/