Cyber Incident Victim: International Game Technology
Date:
Nov 2024
Location:
United States of America
Summary
International Game Technology experienced a disruptive cyberattack that compromised portions of its internal IT systems and applications, prompting the company to proactively take affected systems offline. The incident triggered activation of its cybersecurity response plan, with an ongoing investigation supported by external advisors to assess and remediate the unauthorized access. While operational workarounds and business continuity measures were implemented to maintain customer services, the company has not yet determined the materiality of the incident or its potential financial impact. No threat actor has claimed responsibility for the attack, which follows a pattern of recent ransomware incidents targeting gambling and lottery sectors.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 2 motives | 2 techniques |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On November 17, 2024, International Game Technology PLC (IGT) detected unauthorized third-party access to its internal systems, causing disruptions to portions of its information technology infrastructure and applications. The company promptly activated its cybersecurity incident response plan and initiated an investigation with external advisors to assess and remediate the breach. As a containment measure, IGT proactively took affected systems offline to prevent further compromise while working to restore operations. The incident disrupted business processes, though the company implemented operational workarounds aligned with its business continuity plans to maintain customer service capabilities. IGT formally notified the U.S. Securities and Exchange Commission about the cyberattack on November 19, 2024, through a Form 6-K filing, disclosing that the full scope and materiality of the incident remained under evaluation. No ransomware claims or attributions to specific threat actors had emerged by the time of regulatory disclosure.
IGT—a global provider of lottery systems, gambling machines, and sports betting technology with over 11,000 employees—reported $1.9 billion in revenue for the first nine months of 2024 prior to the attack. The disruption occurred amid heightened targeting of gambling sector entities, including the 2023 Ohio state lottery ransomware incident and the MGM Casino breach that caused over $100 million in damages. While IGT's technical recovery efforts focused on restoring offline systems, the company maintained stakeholder communications regarding incident status and operational impacts. Internal and external investigations continued to analyze the intrusion vector, duration of unauthorized access, and potential data compromise. The company did not disclose specific affected systems or geographic regions impacted but confirmed ongoing remediation activities without projecting a timeline for full system restoration or financial consequence quantification.