New York Officials Confirm Cybersecurity Incident With Central Lottery System

Posted on: October 21, 2023, 08:51h. 

Last updated on: October 23, 2023, 09:46h.

The New York Gaming Commission says a cybersecurity “event” temporarily shuttered or disrupted several of the state’s casinos that operate video lottery terminals (VLTs). The slot-like machines operate on the state’s lottery central system in Schenectady.

New York Jake's 58 video lottery terminal Everi
Jake’s 58 Casino Hotel on New York’s Long Island is back open following a temporary closure because of a cybersecurity event. The cybersecurity issue occurred not at Jake’s but at the vendor operating the New York Gaming Commission’s video lottery gaming central system. (Image: Newsday)

Though they operate, look, and sound like Las Vegas-style slot machines, VLTs are linked together and calculate whether a spin wins or loses based on lottery simulations. The network is programmed to pay out a certain rate. When those wins come, they depend on the entire network’s operations across the nine VLT properties.

Everi Holdings operates the VLT system on the New York Gaming Commission’s behalf. State gaming regulators said a cyber incident levied against Everi caused the network disruption last week.

On Tuesday, Oct. 17, 2023, Everi, the licensed operator of New York’s video lottery gaming central system, experienced a cybersecurity event that remains under investigation,” said New York Gaming Commission spokesperson Brad Maione.

Jake’s 58 on Long Island was most impacted, as the Islandia property shuttered its gaming floor and more than 1,000 VLT machines on the morning of Tuesday, Oct. 17. The casino only resumed gaming operations yesterday.

Suffolk Regional Off-Track Betting Corporation (Suffolk OTB) owns and operates Jake’s. The company is embarking on a $200 million expansion of the casino that will double the number of gaming positions to 2,000 seats. The project includes several new restaurants and bars, a parking garage, and a sound barrier to limit noise in an adjacent neighborhood.

Details Scant

The New York Gaming Commission says there’s no evidence that customer information was seized in the cybersecurity incident. The state is also staying quiet on specifics of the event, including whether a criminal hacking group was behind the incident and if a ransom was demanded.

The gaming industry remains on high alert following the recent cyberattacks at MGM Resorts and Caesars Entertainment. A multinational hacking group called Scattered Spider claimed responsibility for those events, which the gang claims resulted in the seizing of six terabytes of data — or approximately 39 million document pages.

A Casino.org reader told us that he encountered issues last week at Vernon Downs — another VLT property — but his complaints fell on deaf ears.

“I was playing a slot machine that wasn’t recognizing my player’s card,” Daniel Gremillion, Sr. said. “I played this slot machine for quite some time without earning points. When the floor attendant finally came over, I addressed my concern. Her response was, ‘We are aware of the problem.'”

Investigation Ongoing

Everi Holdings has not commented on the cybersecurity event. However, since the company is publicly traded in the US, securities regulations require it to disclose if it paid a ransom.

Many players at VLT casinos across the state are demanding answers about the event and whether they need to take steps to protect their personal information.

I think they should tell us what’s the matter,” Earl Gray, an area resident, told News12. “It’s a public place. Tell us what’s the problem.”

“Something is serious for them to close this long,” added Carole D’Amato, a Shirley resident.