19.11.2025
2 min
457
The Russian-linked ransomware group Qilin has listed international gaming and casino technology provider IGT on its dark web leak site, claiming to have stolen 10GB of sensitive internal files, while the company has yet to comment.
IGT — one of the world’s largest B2B gaming technology providers behind Wheel of Fortune, Megabucks, and hundreds of other slot titles — appeared on Qilin’s leak blog with a claim of 10GB stolen data, totaling approximately 21,683 files.
Although no sample data was posted, Qilin provided an FTP link, presumably for downloading the stolen content. The entry was marked “Publicated”, suggesting that:
IGT may have refused to pay, or
the company has not contacted the attackers.
IGT operates in more than 100 countries, powering slot machines, lotteries, online casinos, sports betting, loyalty systems, and digital financial services.
Potentially compromised data may include:
player personally identifiable information;
payment and credit records;
loyalty and engagement data;
gaming operations documentation;
internal financial and platform files.
Such a leak could expose millions of players to identity theft, fraud, and targeted social engineering attacks. Qilin is one of the most aggressive ransomware groups of 2025. Since 2023, they have claimed 991 victims, with more than 500 attacks in the last six months alone.
Their main targets include:
manufacturing,
finance,
retail,
healthcare,
government agencies.
Recent victims include Cornerstone Staffing Solutions (120,000 résumés exposed), Spark Power, Habib Bank AG Zurich, as well as Asahi Holdings, Volkswagen France, Cal Club, and Shamir Medical Center. The group operates a RaaS model, actively recruits affiliates on Russian-language forums, and avoids attacking CIS countries, suggesting potential geopolitical alignment.
The IGT incident highlights the high vulnerability of the global gaming and betting sector, where large-scale financial transactions and sensitive customer data make companies prime ransomware targets. With IGT remaining silent, the risk of a full data leak continues to grow.
