Major Ransomware Attack Hits Union County, Exposing Personal Data of Over 45,000 People

Union County, Ohio said it suffered a significant ransomware attack earlier this year that compromised the sensitive personal information of more than 45,000 individuals.

 

In a data security incident notice filed with the Office of Maine Attorney General, officials of Union county said that on May 18, a ransomware attack was detected on the county’s internal; network where threat actors infiltrated its internal network and encrypted it with malware.

 

The county immediately launched an investigation, with assistance from external cyber security experts, to determine the scope of the incident. It also took steps to secure the affected network and notified relevant law enforcement authorities about the incident.

 

“Through our investigation, we determined that the cyber criminals accessed our network from May 6, 2025 through May 18, 2025, and took some County data,” Union County officials said.

 

The compromised data included names and other personal information including Social Security Numbers. The filing with the Maine state regulator also states that county officials have identified at least 45,487 individuals impacted by the incident.

 

To strengthen its security and prevent future incidents, county officials stated that several actions have been taken, including the deployment of tools to enhance threat detection and accelerate incident response. Union County’s internal network is actively monitored, and a comprehensive password reset has been completed.

 

Union County has advised all affected individuals to regularly monitor their credit reports, account and benefit statements and report any suspicious activity to law enforcement authorities, including the police and the state attorney general.

 

It has also offered one year of complimentary identity protection and credit monitoring services through Experian to all affected individuals.

 

At the time of publishing, no known hacker group claimed responsibility for the cyber attack on Union County. Officials of the county also did not share details on who was behind the attack, how much data was compromised, or whether it had received a ransom demand.