Brightstar Lottery Data Breach Exposes Social Security Numbers

On Nov. 17, 2024, Brightstar Global Solutions Corporation, now known as Brightstar Lottery, experienced a significant data breach involving unauthorized access to certain internal corporate systems. The breach was discovered the same day, prompting immediate action to secure the affected systems and initiate a thorough investigation.

Due to the complex and unstructured nature of the compromised data, Brightstar and its partner IGT Group conducted a detailed manual review to determine the scope and specific information involved. This review concluded on Aug. 21, 2025 and revealed that the cyberattack affected 103,879 individuals.

The breach exposed a broad range of sensitive consumer information including names, contact information, dates of birth, government identification documents and numbers (such as driver’s license numbers, Social Security numbers and tax identifiers), financial account information and health data. Affected individuals includes 1,796 Washington residents 1,483 Massachusetts residents, 116 in Maine and 208 in Montana.

The breach was disclosed to multiple state authorities between Oct. 3, 2025 and Oct. 6, 2025, including the California Attorney General's office, the Maine Attorney General's office, the Oregon Attorney General's office, the Massachusetts Attorney General, the Montana Attorney General, the Washington Attorney General, the New Hampshire Attorney General and the Vermont Attorney General.

Brightstar Global Solutions' response

In response to the incident, Brightstar and IGT Group took immediate steps to secure their systems and launched a comprehensive investigation. The companies also reported the breach to law enforcement and have implemented additional security measures to strengthen their defenses against future attacks. Ongoing system monitoring has been put in place to detect any suspicious activity.

To support those affected, Brightstar has engaged Kroll, a global risk mitigation and response firm, to provide complimentary identity monitoring services for 24 months. These services include credit monitoring, fraud consultation and identity theft restoration. Affected individuals will receive alerts of changes to their credit data, have access to fraud specialists for guidance and, if necessary, receive assistance from licensed investigators to resolve identity theft issues.

Individuals are encouraged to remain vigilant by reviewing personal records and monitoring credit reports. Brightstar has provided detailed instructions on how to place fraud alerts or security freezes with the major credit bureaus and recommends reporting any suspected identity theft to law enforcement and the Federal Trade Commission. Additional resources and step-by-step guidance are available in the official notice, which will be accessible at the bottom of this article’s page in PDF format.