Ohio History Connection reports ransomware attack

Ohio History Connection, a nonprofit museum and research center, reports that it fell victim to a ransomware attack in early July, potentially compromising data of around 7,600 individuals, including

• current and former employees,
• donors,
• vendors.

The attack targeted the organization's internal data servers, and hackers demanded a substantial ransom in exchange for the encrypted data they held hostage.

The nonprofit, which operates on a $35 million budget, made a counteroffer to the hackers, but this was rejected on August 7. While no credit card information was accessed, sensitive data was exposed including:

• social security numbers,
• names,
• addresses,
• images of checks,
• W-9 reports

Despite this, the nonprofit stated that there is currently no evidence of the data being used or misused.

No details are available about the nature of the attack

The nonprofit's reporting of the breach was delayed of over a month in notifying affected parties, as the organization needed time to assess the breach's extent and identify impacted individuals (and while they tried to negotiate with the criminals). Ohio History Connection aims to provide necessary protection services and has taken immediate steps to bolster its cybersecurity infrastructure. This includes transitioning to cloud-based services for enhanced security and implementing new systems to reduce vulnerability.