Ransomware attack on Ohio county impacts over 45,000 residents, employees

Ransomware hackers stole Social Security numbers, financial information and more during a recent cyberattack on Union County in Ohio.

The county government began sending out breach notifications to 45,487 local residents and county employees this week. The letters say ransomware was detected on the county’s network on May 18, prompting officials to hire cybersecurity experts and notify federal law enforcement agencies. 

The hackers stole documents that had names, Social Security numbers, driver’s license numbers, financial account information, fingerprint data, medical information, passport numbers and more. 

No ransomware gang has taken credit for the attack publicly, and the letters said the county has been monitoring internet sources but have not found any indication the stolen information was released or offered for sale. 

The county has about 71,000 residents and is 45 minutes outside of Columbus — which dealt with its own ransomware attack one year ago. 

Union County is the latest local government to notify the public of a cyberattack as 2025 has seen dozens of attacks on state, county and city governments, stymying critical services and leaking sensitive resident data. 

Lorain County, which has more than 315,000 residents and is located 30 minutes west of Cleveland, said in June that a network security incident knocked dozens of government systems offline. 

Maryland’s state government is still recovering from a cyberattack last month that disrupted some real-time information systems and services for the disabled. 

Last week, the town of Waxhaw, North Carolina confirmed it was attacked by cybercriminals on September 12. The notorious Qilin ransomware gang took credit for the incident yesterday, claiming to have stolen more than 600GB of data that includes police reports, town business documents and more.