Fifth day of investigation into cybersecurity event, some prize payouts still paused

By Kate Northrop

The Ohio Lottery temporarily suspended lottery payouts for prizes over a certain amount after a "cybersecurity event" impacted their computer systems on Christmas Eve.

Payouts for Ohio Lottery prizes of $599 and above have been suspended for some claim methods due to a cybersecurity incident that occurred on Sun., Dec. 24.

Viewing results for some games has also been impacted, making it temporarily impossible for players to check their numbers for those games.

According to a statement on the Lottery's website, the cybersecurity event affected the Lottery's computer systems, which prompted them to disconnect "key systems to contain the issue."

"The integrity of our games is the top priority of the Lottery, and we assure the public the gaming system is fully operational," the Lottery said in a press release.

The winning numbers for KENO, Lucky One, and EZPLAY Progressive Jackpots are unavailable on the website or mobile app. However, all other draw game winning numbers and jackpot amounts are still up-to-date on the website and app. Players may also check their ticket at an in-person retailer.

Players may still purchase scratch-off games and draw game tickets at licensed retailers and self-service machines.

At this time, prizes of up to $599 may be cashed at Lottery retailers, but prizes of $600 and over cannot be claimed using mobile cashing, and Super Retailer locations are not cashing prizes greater than $599. However, prizes over $600 may still be mailed to the Ohio Lottery Central Office or claimed using the digital claim form.

The Lottery has notified law enforcement and is currently conducting an internal investigation, but there are still unknowns surrounding the nature of the event.

"We're starting to see a trend," GuidePoint Senior Security Consultant Christopher Warner told FOX 8. "Maybe they think they can hack their way into a winning number and then win the lottery."

Warner suggested that the trend could not only lead to games being compromised, but that there is a risk of consumer information being stolen.

"Obviously the app on your phone — when you're buying lottery tickets, that's taking personal information," he elaborated.

Another cybersecurity expert at Case Western Reserve University, Erman Ayday, told News 5 Cleveland that it could be hackers trying to steal personal data, but the scope of the problem could go beyond just that.

"But that's not it," Ayday continued. "Once you breach into a system, you can also potentially go and change some algorithms."

Ayday recommended that, since the damage is already done, users can change passwords on the app or website to give themselves peace of mind.

News 5 Cleveland visited Lottery retailer Charlie's Beverage on Lorain Avenue in Cleveland and spoke to customers there about the disruption. While store owner Michael Eadah said that he hasn't seen a change in the number of people lining up to buy tickets despite the Lottery's inability to payout certain games, one player voiced concerns about how the outage impacts ticket buyers.

"I bought KENO over the past three days," player Valencia Jones-Green told the news outlet. "It is very frustrating because you want to know."

Jones-Green says she hopes the Lottery can remain transparent throughout the investigation.

"Financially, that's everybody's money going into it," she continued. "It is a concern because people are going to want to know what happened because we use our debit cards — we use all that. It will affect us."

The possible culprits?

The Ohio Lottery has not publicly named anyone in the incident, but a ransomware gang called DragonForce has claimed responsibility.

The group is alleging that they encrypted devices and stole data pertaining to both Lottery employees and players, namely Social Security numbers, dates of birth, first and last names, addresses, and winning amounts.

"More than 3,000,000+ entries, first name, last name, mail, addresses, winning amounts! SSN + DOB records of employees and players," DragonForce claimed. "...The total weight of the leak when unpacked is about 600+ gigabytes."

In an effort to prove their responsibility for the incident, the ransomware gang posted an entry to their data leak site that suggests the stolen files contain information belonging to Lottery employees and players.

While the ransomware gang is forthright about their link to the event, there is no concrete evidence that yet proves their involvement beyond a shadow of a doubt, and law enforcement has not confirmed any bad actors in the case.

Daily draw games not affected

A statement from the Ohio Lottery today clarified that the cybersecurity event did not involve any Ohio Lottery games or the technology systems on which the Lottery operates, and that it is still safe to purchase tickets.

"While the cybersecurity incident investigation is on-going, the State wants to reiterate that if any consumer data was compromised, it will take all measures to assist with credit monitoring to protect Ohioans," today's statement reads. "We will notify all known affected individuals as quickly as possible and in accordance with applicable laws."

The Lottery is currently working to restore all cashing options "in the very near future." Players have 180 days from the draw date to claim their prize, or in the case of a scratch-off game, the date the game is scheduled to close.