Cyber Incident Victim: New Hampshire Lottery
Date:
Aug 2022
Location:
United States of America
Summary
A cyber-attack targeting the New Hampshire Lottery's third-party hosting provider disrupted its website, displaying a malicious banner prompting users to download a .zip file. The organization took the site offline immediately upon detection, confirming no player data compromise or gaming platform integrity issues, though retail ticket sales remained unaffected. Restoration efforts included enhanced security measures, with plans to reactivate the website and iLottery platform while delaying winning number updates. A forensic investigation was initiated with the hosting provider to address the incident.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 0 motives | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On August 27, 2022, the New Hampshire Lottery’s third-party hosting provider experienced a cyber-attack that disrupted NHLottery.com. The attack involved the placement of a malicious banner or pop-up on the website designed to trick visitors into clicking and downloading a .zip file. Upon identifying the incident, the NH Lottery immediately took the website offline as a precautionary measure while initiating an investigation. The organization confirmed the attack did not compromise player data or affect the integrity of its gaming platforms, including the iLottery system. Retail lottery ticket sales statewide remained operational throughout the incident, with no reported impact on physical point-of-sale systems.
The NH Lottery advised users who interacted with the malicious content to delete any downloaded .zip files and empty their trash or recycle bins. Those who executed files from the .zip were directed to scan their devices using free antivirus or malware removal tools such as AVG Free or Malwarebytes Free. Users potentially prompted to enter iLottery credentials were instructed to reset their passwords both on the lottery platform and any other services sharing those credentials. Restoration of NHLottery.com commenced within hours of the attack, incorporating enhanced security measures, though iLottery access remained temporarily offline pending further recovery efforts. The organization noted delays in updating winning numbers and jackpot information during restoration. A forensic cyber investigation was initiated in collaboration with the hosting provider to analyze the incident. The NH Lottery committed to providing ongoing public updates as new information became available.