Brightstar Lottery Group data breach exposes personal information

Brightstar Lottery Group, a Rhode Island-based gaming and lottery technology vendor formerly known as IGT, is reporting a data breach that compromised the personal information of nearly 550 Connecticut residents. 

 Brightstar Lottery Group operates as a comprehensive lottery technology provider that collects and maintains personal information from prize winners across its client jurisdictions. The company serves nearly 90 lottery customers and their players on six continents and is the primary technology provider to 26 of the 46 lottery jurisdictions in the United States.

The incident primarily affected Brightstar employees and the company's corporate systems. Apparently, the incident did not involve or impact the Connecticut Lottery's systems or operation.

The exposed data, nature of attack and the total number of affected individuals is not disclosed. 

Brightstar only reported that breach affected approximately 550 Connecticut residents, majority being Brightstar employees. 

Brightstar is offering complimentary identity monitoring services for 24 months to all affected individuals. These services include credit monitoring, fraud consultation, and identity theft restoration support.

The DCP warns that communications requesting personal information, financial details, or payment should be considered potentially fraudulent. Residents who receive notification letters and wish to verify their legitimacy are advised to contact the DCP's Gaming Division directly at DCP.Gaming@ct.gov.

Update - as of 8th of October 2025, Brightstar Global Solutions Corporation, reports that the incident impacted 103,879 individuals across multiple states. The company is offering all impacted individuals 24 months of complimentary identity protection services including credit monitoring, fraud detection, dark web monitoring, fraud consultation, and identity theft restoration.