Thousands have SSNs leaked after ransomware attack on Ohio state archive org

One of the oldest historical societies in the state of Ohio was hit with a ransomware attack that leaked the sensitive information of thousands, according to a statement the organization released this week.

The Ohio History Connection is a statewide history nonprofit chartered in 1885 that manages more than 50 sites and museums across the state. It houses the State Historic Preservation Office as well as the official state archives.

The organization published a notice on Thursday saying they mailed breach notification letters on Wednesday to people affected by a ransomware attack the organization experienced last month.

“In early July, cybercriminals executed a ransomware attack upon internal data servers at OHC, effectively encrypting and holding our data hostage. The group also demanded that OHC pay a ransom in the millions of dollars in order to avoid the release of the data to the public,” the organization said.

“OHC made an offer to the cybercriminals to prevent the release of the data. On August 7, the cybercriminals rejected the offer. The personal information of certain stakeholders may now be accessible to those who may be looking for it.”

The names, addresses and Social Security numbers of people employed by the organization from 2009-2023 were leaked during the attacks because the hackers gained access to W-9 reports and other records. The ransomware gang – which was not identified – also accessed documents related to OHC vendors, checks provided to OHC by donors since 2020 and more.

In total, about 7,600 people were affected by the incident. The organization did not say definitively how the ransomware gang made its way into their systems but they intimated that a phishing email with a malicious attachment was the likely method of entry. The FBI and a forensic IT company were involved in the response to the incident.

They are providing victims with one year of free credit monitoring and defended their decision to wait more than a month to notify victims, arguing that they needed time to “gather the relevant information as to the extent of the breach, identify the affected individuals, hold the necessary internal discussions.”

In response to the attack, OHC has moved most of its data and systems to cloud-based services.

Several Ohio-based organizations connected to local governments in the state have been targeted by ransomware gangs over the last two years.

The Cuyahoga Metropolitan Housing Authority in Cleveland, Ohio had data stolen during a ransomware attack in 2021, while the state’s largest oil producer was attacked by the AlphV ransomware group in February. The city of Mount Vernon, Ohio said its police department, municipal court and other government offices were affected by a ransomware attack that started on December 19 while the town of Circleville reported its own ransomware incident in January.