IGT is reviewing a claim from the Qilin ransomware group, which says it stole data from the company’s internal systems. The group posted IGT’s name on its leak site and stated that it obtained about 10GB of material containing roughly 21,000 files. IGT provides digital gaming, sports betting, and payment technologies to casinos and online operators in more than one hundred countries. The company has not confirmed the intrusion or commented on whether the attackers contacted it directly. Analysts say the “published” label used by Qilin often indicates that a victim did not engage with the group.
According to the claim, the exposed files relate to business systems that support game content, lottery and sports betting platforms, casino management tools, and payment operations. These systems are used by land-based casinos and online venues that rely on IGT for software, transaction routing, and player engagement features. Security researchers who reviewed the samples noted references to internal configuration files and operational documentation. They said the material appears to come from business operations rather than consumer-facing services. There is no indication that production environments, payment card data, or player accounts were disrupted.
Qilin operates a ransomware service that allows affiliated attackers to carry out intrusions and share profits. The group often uses a double extortion model in which data is taken before victims are pressured to pay. If payment is refused, the data is published. The group has targeted firms in manufacturing, healthcare, logistics, and financial services during the past year. Security specialists say its focus on high-value technical data rather than immediate disruption aligns with a broader trend in ransomware activity.
The incident highlights the potential effect on organisations that rely on IGT for gaming and financial technology. IGT’s systems integrate with casino software, online betting platforms, and payment systems that process large volumes of real-money transactions. Any confirmed breach involving internal configuration data or system parameters could raise concerns for partners that depend on these services. Industry analysts recommend that downstream organisations review vendor access, monitor systems linked to IGT for unusual behaviour, and check for unexpected changes in data flow.
IGT has not issued detailed information about its investigation. The company is expected to examine access logs, verify whether any data was taken, and determine the scope of affected systems. Investigators typically assess whether attackers established persistence within networks or attempted to move into customer environments. Security advisers recommend that organisations in the gaming sector review segmentation policies and strengthen monitoring around systems that host sensitive operational data. They also note that firms providing high-volume digital services must maintain strong authentication controls and maintain clear oversight of outbound traffic.