Ohio city warns 123,000+ people of data breach that leaked SSNs, financial and medical info

Comparitech is reporting that the city of Middletown, Ohio today confirmed it notified 123,791 people of a July 2025 data breach that compromised names, SSNs, financial account info, medical info, health insurance info, addresses, and government-issued IDs. 

The cyberattack disrupted city services including water utility billing, which wasn’t fully restored until months later in January 2026.

Commenting on this news is Rebecca Moody, Head of Data Research at Comparitech

“This attack highlights why government agencies remain a key target for hackers.

First, the case shows just how disruptive these attacks can be, with Middletown only being able to restore its water billing system in January of this year, around six months after the attack took place. Second, governments are often in possession of vast quantities of data. Accessing such data not only gives hackers further leverage to demand a ransom, but it also gives them key data that they can sell on the dark web if negotiations fail. The fact that SafePay posted the City of Middletown to its data leak site suggests ransom negotiations failed (for the data theft at least). 

While government agencies are sometimes prevented from paying ransoms (or have to meet strict conditions in order to pay one, as is the case in Ohio), we saw a case just last month (Murray County in Georgia) where the ransom was paid in order to prevent county data from being published. 

It’s win-win for hackers. Receive a ransom demand to decrypt systems and/or delete data, or sell highly sensitive personal data on the dark web.”

I guess hackers are about to have a field day because they seriously hit the jackpot here. Which illustrates why stopping the bad guys from doing evil things is preferable to getting pwned.

Leave a Reply

Discover more from The IT Nerd

Subscribe now to keep reading and get access to the full archive.

Continue reading