A lottery courier service based in Australia called TheLotter has just confirmed that it has suffered a breach of data from a person with the name 'Ponce' listed in a hacking forum, and this Ponce has managed to exfiltrate various data from more than 200K customers.

Australian lottery ticket vendor and courier TheLotter has confirmed it suffered a cyber attack following claims made earlier this month by a threat actor who alleged the breach of customer data belonging to over 200,000 individuals.

A cyber attack with data from over 200K customers

TheLotter, which brands itself as a 'worldwide online lottery ticket purchasing and courier service,' allows customers to participate in global lotteries from the comfort of their homes. The company now finds itself in the spotlight after a user operating under the alias 'Ponce' posted a listing on a prominent hacking forum on Friday, 11 April, asserting that they had exfiltrated sensitive data from the platform's Australian operations.

According to the list, the threat actor claimed to have obtained personal information from 201,617 customers, including first and last names, residential addresses, IP addresses, order dates, and user status. However, it has not been confirmed whether the contents of the listing were due to an ongoing outage affecting the hacking forum where the post was made.

Responding to a request for comment, TheLotter confirmed that it had experienced a cyber incident but downplayed the scale of the breach.

TheLotter confirms the data breach

"As part of our commitment to transparency and customer trust, I can confirm that the incident involved a limited leak of internal game logs used by our audit systems," said a company spokesperson. "Importantly, there was no breach of our production database, and no sensitive information such as passwords, payment details, phone numbers, or email addresses was accessed or published."

The company did not directly confirm whether the information listed by the threat actor matched the data compromised in the breach. Several news outlets have followed up for clarification and are awaiting a response.

TheLotter stated that it promptly notified affected customers and is actively supporting them with security guidance. "Following our internal investigation, we immediately notified the affected customers and are actively assisting them with guidance on how to take proactive steps to further enhance the security of their accounts," the spokesperson added.

A promise to customers to strengthen cybersecurity measures

The company also emphasized that it is taking the matter seriously, pledging to bolster its cybersecurity posture. "We take these matters very seriously and continue to invest in strengthening our infrastructure, improving internal safeguards, and ensuring full compliance with our regulatory obligations."

Nevertheless, while online lottery platforms are often seen as lucrative targets for cybercriminals, they are not frequently the focus of confirmed cyber incidents. However, this breach is not entirely unprecedented.

In a separate incident in June 2024, EvoEvents, based in New Zealand - a company associated with online gambling and sweepstakes - was listed on the dark web leak site operated by the DragonForce ransomware group. The cybercriminals claimed to have exfiltrated a total of 6.14 gigabytes of data, although they did not disclose what type of data had been accessed.

Cyber infiltration on the rise

The increasing frequency of cyber threats targeting the online gambling and lottery sector demonstrates the evolving nature of cybercrime and its potential to impact businesses that handle large volumes of personal data.

As investigations into the TheLotter breach continue, cybersecurity experts urge users of such platforms to remain vigilant, monitor their accounts for suspicious activity, and update their security settings wherever possible. For now, customers of TheLotter Australia are being advised to follow the company's recommendations and stay informed as more details about the incident are expected to emerge in the coming days.