September 29, 2023

One of many oldest historic societies within the state of Ohio was hit with a ransomware assault that leaked the delicate info of 1000’s, in keeping with a press release the group launched this week.

The Ohio Historical past Connection is a statewide historical past nonprofit chartered in 1885 that manages greater than 50 websites and museums throughout the state. It homes the State Historic Preservation Workplace in addition to the official state archives.

The group revealed a discover on Thursday saying they mailed breach notification letters on Wednesday to folks affected by a ransomware assault the group skilled final month.

“In early July, cybercriminals executed a ransomware assault upon inner knowledge servers at OHC, successfully encrypting and holding our knowledge hostage. The group additionally demanded that OHC pay a ransom within the thousands and thousands of {dollars} so as to keep away from the discharge of the info to the general public,” the group stated.

“OHC made a suggestion to the cybercriminals to forestall the discharge of the info. On August 7, the cybercriminals rejected the provide. The non-public info of sure stakeholders could now be accessible to those that could also be in search of it.”

The names, addresses and Social Safety numbers of individuals employed by the group from 2009-2023 had been leaked throughout the assaults as a result of the hackers gained entry to W-9 experiences and different data. The ransomware gang – which was not recognized – additionally accessed paperwork associated to OHC distributors, checks offered to OHC by donors since 2020 and extra.

In complete, about 7,600 folks had been affected by the incident. The group didn’t say definitively how the ransomware gang made its means into their methods however they intimated {that a} phishing e-mail with a malicious attachment was the possible technique of entry. The FBI and a forensic IT firm had been concerned within the response to the incident.

They’re offering victims with one yr of free credit score monitoring and defended their determination to attend greater than a month to inform victims, arguing that they wanted time to “collect the related info as to the extent of the breach, establish the affected people, maintain the mandatory inner discussions.”

In response to the assault, OHC has moved most of its knowledge and methods to cloud-based companies.

A number of Ohio-based organizations related to native governments within the state have been focused by ransomware gangs over the past two years.

The Cuyahoga Metropolitan Housing Authority in Cleveland, Ohio had knowledge stolen throughout a ransomware assault in 2021, whereas the state’s largest oil producer was attacked by the AlphV ransomware group in February. Town of Mount Vernon, Ohio stated its police division, municipal court docket and different authorities workplaces had been affected by a ransomware assault that began on December 19 whereas the city of Circleville reported its personal ransomware incident in January.

Get extra insights with the

Recorded Future

Intelligence Cloud.

Be taught extra.

Jonathan Greig

Jonathan Greig is a Breaking Information Reporter at Recorded Future Information. Jonathan has labored throughout the globe as a journalist since 2014. Earlier than transferring again to New York Metropolis, he labored for information retailers in South Africa, Jordan and Cambodia. He beforehand coated cybersecurity at ZDNet and TechRepublic.