Attackers stole and encrypted data on current and former employees, donors, members and vendors from the Ohio History Connection (OHC). That group is a public-private nonprofit that houses the State Historic Preservation Office and official state archives, manages a number of museums and “carries out history services for Ohio and its citizens focused on preserving and sharing the state’s history,” per the organization.
The nonprofit announced in a recent blog post that its internal data servers were encrypted in early July by cyber extortionists. The attackers threatened to publicize the impacted data unless OHC paid millions of dollars. OHC said it “made an offer” that failed to sway the attackers. The ransomware perpetrators rejected OHC’s offer on Aug. 7 — meaning they then likely carried through on leaking the data.
The potentially exposed information includes Social Security numbers, names and addresses of people who were employed by OHC anytime from 2009 onward. Vendors may have had their Social Security numbers and names exposed from compromised W-9 forms and other records. Donors and members who paid by check from 2020 on could also be affected, as images of checks were among the potentially compromised data.
The total potential victim count reaches about 7,600 people, and OHC said it mailed notification letters to those folks on Aug. 23. The nonprofit also is offering a call center run by a private company that can field questions. Impacted individuals can enroll in free credit monitoring here: https://response.idx.us/ohc/. Anyone can set up free fraud alerts at the three major credit bureaus as well.
OHC turned to forensic IT consulting firms to help restore its data and rebuild systems. The history organization wrote that it is now moving much of its data to the cloud, for greater resilience, and is adopting new security “systems, features and measures” intended to better protect personally identifiable information and reduce likelihood of falling to future attacks.
