More than 538,000 Ohio Lottery players have their names and Social Security numbers compromised in a Christmas Eve data breach revealed this week in a regulatory filing by the state lottery, The Register reports.
Despite no indication of misuse of the stolen data, the Ohio Lottery is offering all affected individuals 12 months of complimentary credit monitoring and identity theft protection as a precautionary measure.
The DragonForce ransomware group is said to have leaked the stolen data online, taking credit for the attack soon after it happened. While lucky winners of amounts above $599 were temporarily unable to cash out their rewards due to the attack, the state lottery at the time declared that the intrusion had no effect on its game systems and that lottery fans could safely continue purchasing tickets.
"We continually evaluate and modify our practices and internal controls to enhance the security and privacy of your personal information," Ohio Lottery wrote in the letter to victims.