OLC
Company Details
Linkedin ID:
ohio-lottery-commission
Website:
Employees number:
289
Number of followers:
2,236
NAICS:
92
Industry Type:
Homepage:
ohiolottery.com
IP Addresses:
1336
Company ID:
OHI_1696387
Scan Status:
Completed
Ohio Lottery Commission Company CyberSecurity Posture
ohiolottery.com
At the Ohio Lottery, we’re optimistic, innovative, and fun. We’ve been bringing fun lottery games to Ohioans for more than 40 years, all the while raising money in support of education in Ohio. The Ohio Lottery Commission was created in May 1973 by a voter-approved constitutional amendment. Today, the Ohio Lottery has grown to offer customers a variety of games including scratch offs, Keno, instant win and monitor games and the jackpot games Mega Millions, Powerball, Pick 3, Pick 4 and Pick 5, Rolling Cash 5 and Classic Lotto. We have a game for every player at over 9,100 licensed retail locations and seven racinos across the state. Operating entirely on revenue from game sales, the Ohio Lottery has generated over $29 billion for education in Ohio since 1974. Learn more about the Ohio Lottery at www.ohiolottery.com. Learn more about the Ohio Lottery at www.youtube.com/ohiolottery
Ohio Lottery Commission A.I CyberSecurity Scoring
OLC Risk Score (AI oriented)Between 650 and 699
OLC
Updated:
- Powered by our proprietary A.I cyber incident model
- Insurance preferes TPRM score to calculate premium
OLC Global Score (TPRM)XXXX
OLC
- Instant access to detailed risk factors
- Benchmark vs. industry & size peers
- Vulnerabilities
- Findings
OLC Company CyberSecurity News & History
Past Incidents
1
Attack Types
1
Ohio Lottery
Breach
Rankiteo Explanation
Attack with significant impact with internal employee data leaks
Description: The Ohio Lottery experienced a data breach on December 24, 2023, due to unauthorized access to its internal office network. The breach was disclosed on May 9, 2024, affecting approximately 538,959 individuals, with 56 residents specifically impacted. The compromised data included Social Security numbers and other personal information. In response, the Ohio Lottery offered free identity theft protection services, including 12 months of credit monitoring through IDX/ZEROFOX, to the affected individuals.
OLC Company Scoring based on AI Models
Cyber Incidents Likelihood 3 - 6 - 9 months
A.I Risk Score Likelihood 3 - 6 - 9 months
Underwriter Stats for OLC
Incidents vs Government Administration Industry Average (This Year)
No incidents recorded for Ohio Lottery Commission in 2025.
Incidents vs All-Companies Average (This Year)
No incidents recorded for Ohio Lottery Commission in 2025.
Incident Types OLC vs Government Administration Industry Avg (This Year)
No incidents recorded for Ohio Lottery Commission in 2025.
Incident History — OLC (X = Date, Y = Severity)
OLC cyber incidents detection timeline including parent company and subsidiaries
OLC Company Subsidiaries
At the Ohio Lottery, we’re optimistic, innovative, and fun. We’ve been bringing fun lottery games to Ohioans for more than 40 years, all the while raising money in support of education in Ohio. The Ohio Lottery Commission was created in May 1973 by a voter-approved constitutional amendment. Today, the Ohio Lottery has grown to offer customers a variety of games including scratch offs, Keno, instant win and monitor games and the jackpot games Mega Millions, Powerball, Pick 3, Pick 4 and Pick 5, Rolling Cash 5 and Classic Lotto. We have a game for every player at over 9,100 licensed retail locations and seven racinos across the state. Operating entirely on revenue from game sales, the Ohio Lottery has generated over $29 billion for education in Ohio since 1974. Learn more about the Ohio Lottery at www.ohiolottery.com. Learn more about the Ohio Lottery at www.youtube.com/ohiolottery
Loading...
OLC Similar Companies
CONICET
El Consejo Nacional de Investigaciones Científicas y Técnicas (CONICET) es el principal organismo dedicado a la promoción de la ciencia y la tecnología en la Argentina. Su actividad se desarrolla en cuatro grandes áreas: • Ciencias agrarias, ingeniería y de materiales • Ciencias biológicas y de la s
City of Amsterdam
Working for Amsterdam means working for the most beautiful city in the world. Think of its rich history, the role Amsterdam plays internationally, and events such as Sail, Gay Pride and King’s Day. Of course everybody wants to visit Amsterdam, or work or live here. As you can probably imagine, work
Department for Education
Help us achieve world-class education, training and care for everyone, whatever their background. Whether you're just starting out, or an experienced professional, we have what you are looking for. Jobs include administration, policy advisers, digital, finance, commercial specialists and many more
Department of Education
The Department of Education is responsible for delivering the Victorian Government’s commitment to making Victoria the Education State, where all Victorians have the best learning and development experience, regardless of their background, postcode or circumstances. Education remains a cornerstone f
Council Careers Victoria
Victorian local government jobs offer opportunities for people with diverse skills. The sector delivers more than 100 services and employs staff in the areas of health and community care, corporate and business support, engineering, planning and community development, and environment and emergency m
US Environmental Protection Agency (EPA)
U.S. Environmental Protection Agency’s (EPA) mission is to protect human health and the environment. EPA works to ensure that: - Americans have clean air, land and water; - National efforts to reduce environmental risks are based on the best available scientific information; - Federal laws protecti
Texas Health and Human Services
Overview The Texas Health and Human Services Commission (HHSC) is an agency within the Texas Health and Human Services System. In September 2016, Texas began transforming how it delivers health and human services to qualified Texans, with a goal of making the Health and Human Services System more ef
Ministry of Health Saudi Arabia
The Ministry of Health (MOH), by way of its objectives, policies and projects included in this strategy, seeks to accomplish a promising future vision; namely, delivering best-quality integrated and comprehensive healthcare services. Carrying health conditions or health status of Saudi inhabitants t
State of California
Californians deserve a government that works for them and with them. One that will work to ensure opportunity and justice. We are building a California not for the few, but for all — including those who have historically been left out. We are doing the work to make our state a place for every Cali
.png)
OLC CyberSecurity News
September 03, 2025 07:00 AM
As Powerball jackpot soars, Ohioans can't use Jackpocket app for tickets
Ohio Jackpocket users are getting alerts that they can't order lottery tickets through the app. Here's what's happening.
November 29, 2024 08:00 AM
Millions of dollars unclaimed in Ohio lottery prizes every year
A life-changing lottery win could be slipping through your fingers. While some celebrate big wins, millions in Ohio prizes remain unclaimed...
November 21, 2024 08:00 AM
Gambling and lottery giant disrupted by cyberattack, working to bring systems back online
International Game Technology (IGT) notified the U.S. Securities and Exchange Commission on Tuesday that it became aware of the cyberattack...
November 17, 2024 08:00 AM
IGT Hit By Cybersecurity Breach, Disrupting Key Systems
International Game Technology (IGT), one of the largest gambling companies in the United States, has confirmed a significant cybersecurity...
September 22, 2024 07:00 AM
Ohio has no statewide standard for cybersecurity, but it's here to help when cities are hit
Recent ransomware attacks have crippled cities including Columbus and Cleveland, compromising residents' personal information and delaying...
May 11, 2024 07:00 AM
Ohio Lottery data breach impacted over 538,000 individuals
The cyber attack on the Ohio Lottery on Christmas Eve exposed the personal data of over 538000 individuals.
May 10, 2024 07:00 AM
Ohio Lottery shares details about cybersecurity incident
The Ohio Lottery has suffered cybersecurity incident, revealing the sensitive information of over 500,000 people. In December 2023 the Ohio...
February 20, 2024 08:00 AM
Hackers demanded money in Ohio Lottery cybersecurity incident: I-Team
The FOX 8 I-Team has found hackers demanded money when they got into computers with the Ohio Lottery Commission.
January 27, 2024 08:00 AM
Ohio Lottery cashing services restored after 'cybersecurity incident' on website
Ohio Lottery cashing services that were suspended after a "cybersecurity incident" in December are now fully restored.
Frequently Asked Questions
Explore insights on cybersecurity incidents, risk posture, and Rankiteo's assessments.
OLC CyberSecurity History Information
Official Website of Ohio Lottery Commission
The official website of Ohio Lottery Commission is http://www.ohiolottery.com.
Ohio Lottery Commission’s AI-Generated Cybersecurity Score
According to Rankiteo, Ohio Lottery Commission’s AI-generated cybersecurity score is 693, reflecting their Weak security posture.
How many security badges does Ohio Lottery Commission’ have ?
According to Rankiteo, Ohio Lottery Commission currently holds 0 security badges, indicating that no recognized compliance certifications are currently verified for the organization.
Does Ohio Lottery Commission have SOC 2 Type 1 certification ?
According to Rankiteo, Ohio Lottery Commission is not certified under SOC 2 Type 1.
Does Ohio Lottery Commission have SOC 2 Type 2 certification ?
According to Rankiteo, Ohio Lottery Commission does not hold a SOC 2 Type 2 certification.
Does Ohio Lottery Commission comply with GDPR ?
According to Rankiteo, Ohio Lottery Commission is not listed as GDPR compliant.
Does Ohio Lottery Commission have PCI DSS certification ?
According to Rankiteo, Ohio Lottery Commission does not currently maintain PCI DSS compliance.
Does Ohio Lottery Commission comply with HIPAA ?
According to Rankiteo, Ohio Lottery Commission is not compliant with HIPAA regulations.
Does Ohio Lottery Commission have ISO 27001 certification ?
According to Rankiteo,Ohio Lottery Commission is not certified under ISO 27001, indicating the absence of a formally recognized information security management framework.
Industry Classification of Ohio Lottery Commission
Ohio Lottery Commission operates primarily in the Government Administration industry.
Number of Employees at Ohio Lottery Commission
Ohio Lottery Commission employs approximately 289 people worldwide.
Subsidiaries Owned by Ohio Lottery Commission
Ohio Lottery Commission presently has no subsidiaries across any sectors.
Ohio Lottery Commission’s LinkedIn Followers
Ohio Lottery Commission’s official LinkedIn profile has approximately 2,236 followers.
NAICS Classification of Ohio Lottery Commission
Ohio Lottery Commission is classified under the NAICS code 92, which corresponds to Public Administration.
Ohio Lottery Commission’s Presence on Crunchbase
No, Ohio Lottery Commission does not have a profile on Crunchbase.
Ohio Lottery Commission’s Presence on LinkedIn
Yes, Ohio Lottery Commission maintains an official LinkedIn profile, which is actively utilized for branding and talent engagement, which can be accessed here: https://www.linkedin.com/company/ohio-lottery-commission.
Cybersecurity Incidents Involving Ohio Lottery Commission
As of November 28, 2025, Rankiteo reports that Ohio Lottery Commission has experienced 1 cybersecurity incidents.
Number of Peer and Competitor Companies
Ohio Lottery Commission has an estimated 11,116 peer or competitor companies worldwide.
What types of cybersecurity incidents have occurred at Ohio Lottery Commission ?
Incident Types: The types of cybersecurity incidents that have occurred include Breach.
How does Ohio Lottery Commission detect and respond to cybersecurity incidents ?
Detection and Response: The company detects and responds to cybersecurity incidents through an third party assistance with idx/zerofox..
Incident Details
Can you provide details on each incident ?
Title: Ohio Lottery Data Breach
Description: The Ohio Lottery reported a data breach that occurred on December 24, 2023, due to unauthorized access to its internal office network. The breach, disclosed on May 9, 2024, impacted approximately 538,959 individuals, with 56 residents specifically affected, and compromised Social Security numbers among other personal information. Free identity theft protection services, including 12 months of credit monitoring through IDX/ZEROFOX, were offered to affected individuals.
Date Detected: 2023-12-24
Date Publicly Disclosed: 2024-05-09
Type: Data Breach
Attack Vector: Unauthorized Access
What are the most common types of attacks the company has faced ?
Common Attack Types: The most common types of attacks the company has faced is Breach.
Impact of the Incidents
What was the impact of each incident ?
Incident : Data Breach OHI205072725
Data Compromised: Social security numbers, Other personal information
Systems Affected: Internal office network
Identity Theft Risk: High
What types of data are most commonly compromised in incidents ?
Commonly Compromised Data Types: The types of data most commonly compromised in incidents are Social Security Numbers, Other Personal Information and .
Which entities were affected by each incident ?
Incident : Data Breach OHI205072725
Entity Name: Ohio Lottery
Entity Type: Government Agency
Industry: Gaming
Location: Ohio, USA
Customers Affected: 538959
Response to the Incidents
What measures were taken in response to each incident ?
Incident : Data Breach OHI205072725
Third Party Assistance: IDX/ZEROFOX
How does the company involve third-party assistance in incident response ?
Third-Party Assistance: The company involves third-party assistance in incident response through IDX/ZEROFOX.
Data Breach Information
What type of data was compromised in each breach ?
Incident : Data Breach OHI205072725
Type of Data Compromised: Social security numbers, Other personal information
Number of Records Exposed: 538959
Sensitivity of Data: High
Personally Identifiable Information: Yes
References
Where can I find more information about each incident ?
Where can stakeholders find additional resources on cybersecurity best practices ?
Additional Resources: Stakeholders can find additional resources on cybersecurity best practices at and Source: Ohio Lottery Data Breach ReportDate Accessed: 2024-05-09.
Post-Incident Analysis
What is the company's process for conducting post-incident analysis ?
Post-Incident Analysis Process: The company's process for conducting post-incident analysis is described as IDX/ZEROFOX.
Additional Questions
Incident Details
What was the most recent incident detected ?
Most Recent Incident Detected: The most recent incident detected was on 2023-12-24.
What was the most recent incident publicly disclosed ?
Most Recent Incident Publicly Disclosed: The most recent incident publicly disclosed was on 2024-05-09.
Impact of the Incidents
What was the most significant data compromised in an incident ?
Most Significant Data Compromised: The most significant data compromised in an incident were Social Security numbers, Other personal information and .
Response to the Incidents
What third-party assistance was involved in the most recent incident ?
Third-Party Assistance in Most Recent Incident: The third-party assistance involved in the most recent incident was IDX/ZEROFOX.
Data Breach Information
What was the most sensitive data compromised in a breach ?
Most Sensitive Data Compromised: The most sensitive data compromised in a breach were Other personal information and Social Security numbers.
What was the number of records exposed in the most significant breach ?
Number of Records Exposed in Most Significant Breach: The number of records exposed in the most significant breach was 1.5K.
References
What is the most recent source of information about an incident ?
Most Recent Source: The most recent source of information about an incident is Ohio Lottery Data Breach Report.
.png)
Latest Global CVEs (Not Company-Specific)
Description
Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to versions 19.2.16, 20.3.14, and 21.0.1, there is a XSRF token leakage via protocol-relative URLs in angular HTTP clients. The vulnerability is a Credential Leak by App Logic that leads to the unauthorized disclosure of the Cross-Site Request Forgery (XSRF) token to an attacker-controlled domain. Angular's HttpClient has a built-in XSRF protection mechanism that works by checking if a request URL starts with a protocol (http:// or https://) to determine if it is cross-origin. If the URL starts with protocol-relative URL (//), it is incorrectly treated as a same-origin request, and the XSRF token is automatically added to the X-XSRF-TOKEN header. This issue has been patched in versions 19.2.16, 20.3.14, and 21.0.1. A workaround for this issue involves avoiding using protocol-relative URLs (URLs starting with //) in HttpClient requests. All backend communication URLs should be hardcoded as relative paths (starting with a single /) or fully qualified, trusted absolute URLs.
Risk Information
cvss4
Base: 7.7
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
References
- https://github.com/angular/angular/commit/0276479e7d0e280e0f8d26fa567d3b7aa97a516f
- https://github.com/angular/angular/commit/05fe6686a97fa0bcd3cf157805b3612033f975bc
- https://github.com/angular/angular/commit/3240d856d942727372a705252f7c8c115394a41e
- https://github.com/angular/angular/releases/tag/19.2.16
- https://github.com/angular/angular/releases/tag/20.3.14
- https://github.com/angular/angular/releases/tag/21.0.1
- https://github.com/angular/angular/security/advisories/GHSA-58c5-g7wp-6w37
Description
Forge (also called `node-forge`) is a native implementation of Transport Layer Security in JavaScript. An Uncontrolled Recursion vulnerability in node-forge versions 1.3.1 and below enables remote, unauthenticated attackers to craft deep ASN.1 structures that trigger unbounded recursive parsing. This leads to a Denial-of-Service (DoS) via stack exhaustion when parsing untrusted DER inputs. This issue has been patched in version 1.3.2.
Risk Information
cvss4
Base: 8.7
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description
Forge (also called `node-forge`) is a native implementation of Transport Layer Security in JavaScript. An Integer Overflow vulnerability in node-forge versions 1.3.1 and below enables remote, unauthenticated attackers to craft ASN.1 structures containing OIDs with oversized arcs. These arcs may be decoded as smaller, trusted OIDs due to 32-bit bitwise truncation, enabling the bypass of downstream OID-based security decisions. This issue has been patched in version 1.3.2.
Risk Information
cvss4
Base: 6.3
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description
Suricata is a network IDS, IPS and NSM engine developed by the OISF (Open Information Security Foundation) and the Suricata community. Prior to versions 7.0.13 and 8.0.2, working with large buffers in Lua scripts can lead to a stack overflow. Users of Lua rules and output scripts may be affected when working with large buffers. This includes a rule passing a large buffer to a Lua script. This issue has been patched in versions 7.0.13 and 8.0.2. A workaround for this issue involves disabling Lua rules and output scripts, or making sure limits, such as stream.depth.reassembly and HTTP response body limits (response-body-limit), are set to less than half the stack size.
Risk Information
cvss3
Base: 7.5
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Description
Suricata is a network IDS, IPS and NSM engine developed by the OISF (Open Information Security Foundation) and the Suricata community. In versions from 8.0.0 to before 8.0.2, a NULL dereference can occur when the entropy keyword is used in conjunction with base64_data. This issue has been patched in version 8.0.2. A workaround involves disabling rules that use entropy in conjunction with base64_data.
Risk Information
cvss3
Base: 7.5
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Access Data Using Our API
Get company history
curl -i -X GET 'https://api.rankiteo.com/underwriter-getcompany-history?linkedin_id=ohio-lottery-commission' -H 'apikey: YOUR_API_KEY_HERE'
RapidWhat Do We Measure ?
Incident
Finding
Grade
Digital Assets
Every week, Rankiteo analyzes billions of signals to give organizations a sharper, faster view of emerging risks. With deeper, more actionable intelligence at their fingertips, security teams can outpace threat actors, respond instantly to Zero-Day attacks, and dramatically shrink their risk exposure window.
These are some of the factors we use to calculate the overall score:
Network Security
Identify exposed access points, detect misconfigured SSL certificates, and uncover vulnerabilities across the network infrastructure.
SBOM (Software Bill of Materials)
Gain visibility into the software components used within an organization to detect vulnerabilities, manage risk, and ensure supply chain security.
CMDB (Configuration Management Database)
Monitor and manage all IT assets and their configurations to ensure accurate, real-time visibility across the company's technology environment.
Threat Intelligence
Leverage real-time insights on active threats, malware campaigns, and emerging vulnerabilities to proactively defend against evolving cyberattacks.
Rankiteo is a unified scoring and risk platform that analyzes billions of signals weekly to help organizations gain faster, more actionable insights into emerging threats. Empowering teams to outpace adversaries and reduce exposure.
