An Oklahoma law firm is investigating Brightstar Lottery, one of the world’s largest technology providers to the lottery sector, over a security breach in 2024.
Then-named IGT, Brightstar was subject to a cybercrime attack on 17 November 2024 during which criminals were able to gain access to files on its secured network containing the personal information of 103,879 people.
According to Murphy Law Firm, based in Oklahoma City, personal details accessed during the attack included names, social security numbers, financial information, health information, drivers licence numbers, dates of birth and contact information.
Brightstar does not deny that the incident took place. The firm disclosed this way back in 2024, with a Brightstar statement provided to Lottery Daily stating that ‘an unauthorised third party gained access to certain internal corporate systems’.
“We took immediate action to re-secure our impacted systems, report the incident to law enforcement and launch our own investigation,” the statement read.
“A lengthy review and analysis of what personal information may have been exposed was recently completed and we are now in the process of sending written notices to individuals whose personal information was involved, as required by law.
“We are not aware of any misuse of personal information, but as a precaution, we are offering all impacted individuals 24 months of credit monitoring, fraud detection, or dark web monitoring.
“The privacy and security of personal information is of utmost importance to us. We continue to monitor our internal systems and have introduced additional measures to further enhance our security defenses.”
The incident occurred during a transformational period for Brightstar, though this was unrelated to the nature of the data breach. The firm had a much more wide ranging scope than it does today, with its business focus covering both lotteries and iGaming.
As IGT, the firm was – and still is as Brightstar – a technology partner to various state-run lotteries. It also maintained an extensive gaming division, spread across the Global Gaming and PlayDigital units, which were divested to Apollo Capital earlier this year.
To align with its new sole lotteries focus, the firm opted to undergo a rebrand to Brightstar Lottery – but it has not been able to put the challenge of the data breach behind it, as Murphy Law Firm’s investigation shows.
The legal practice has initiated a class action lawsuit on behalf of some individuals whose personal details were accessed.