Crimson Collective breaches Colombia lottery, leaks winner data


A new threat group referring to itself as Crimson Collective has claimed responsibility for a data breach at Loteria de Medellin, a state-operated lottery in Colombia. The gang even shared samples of sensitive information about prize winners.

The gang announced the breach on its Telegram channel, saying it was leaking the data samples and selling the whole batch because the lottery organization failed to respond to its emails, which presumably demanded a ransom.

Crimson Collective seems to have exfiltrated over 1TB of compressed data from the lottery. The group also publicly leaked samples of what appears to be highly sensitive personal and financial information belonging to prize winners.


The data compromised by this relatively new and ambitious ransom gang allegedly includes:

  • Full names
  • National ID numbers (Cédula de Ciudadanía)
  • Scanned copies of national identification cards
  • Dates and places of birth
  • Physical addresses
  • Phone numbers
  • Email addresses
  • Bank account certificates and full account numbers
  • Signatures and fingerprints
  • Internal prize claim and payment forms

The Cybernews research team, which has analyzed the leaked data, found that it indeed includes passport copies and forms filled out by lottery winners.

[Image: Crimson Collective has claimed responsibility for a data breach at Loteria de Medellin, a state-operated lottery in Colombia.]

“Malicious actors may believe that the data is valuable based on the premise that lottery winners may be more susceptible to scams,” said the researchers.

“The leaked data could be used for phishing, scams, or identity theft.”

[Image: The leaked data could be used for phishing, scams, or identity theft.]

Crimson Collective shot to fame when it recently announced it had stolen 570GB of internal data from software company Red Hat Consulting’s internal GitLab repositories. Previously, the gang also targeted Colombian telecommunications operator Claro and claimed to have breached Nintendo, the gaming giant.

Rapid7 researchers say that Crimson Collective appears to be mostly focusing on collection and exfiltration of databases, project repositories, and other valuable data, putting at risk companies’ products and customers’ information.

According to Dark Reading, Crimson Collective has recently joined the ranks of Scattered LAPSUS$ Hunters, a conglomerate consisting of three previously separate – and notorious – cybercrime gangs: Scattered Spider, LAPSUS$, and ShinyHunters.
