The Ohio History Connection announced Thursday it was the victim of a ransomware attack in early July on its internal data servers, putting over 7,000 people's data at risk.
The nonprofit museum and research center said hackers executed a ransomware attack asking for millions of dollars in return for data it encrypted and held hostage. The nonprofit, which has a $35 million budget this year, said it made a counteroffer of an undisclosed amount which was rejected by the hackers on August 7.
Ohio History Connection spokesperson Neil Thompson said social security numbers, names, addresses, images of checks and W-9 reports of an estimated 7,600 current and former employees, donors and vendors may now be accessible. But no credit card information was accessed according to the nonprofit.
"We're trying to be transparent both with those affected and the public. It's very, very unfortunate when things like these happen," Thompson said.
The nonprofit said there is no evidence at this time that there has been any use or attempted use of the information exposed in this incident.
Ransomware is malware designed to prevent a user or organization from accessing its data and information on computers they own by encrypting it and demanding a ransom payment in return for the decryption key. It is usually caused by emailing phishing schemes when someone clicks on a malicious link or through drive-by downloading.
Thompson declined to disclose the exact total that the ransom demanded and how much the counteroffer was citing the ongoing investigation by the FBI. He also declined to comment on why the counteroffer was rejected.
The nonprofit waited over a month to begin notifying those at risk of having their data posted. In a news release, the nonprofit said it takes time to gather the relevant information as to the extent of the breach, identify the affected individuals and hold the necessary internal discussions. It said the Ohio History Connection was diligent with the investigation to ensure the appropriate protection services would be provided.
Thompson said letters were mailed Wednesday and the organization started notifying people the same day.
Thompson said the nonprofit is also taking steps to improve its cybersecurity experts to improve their systems. He said this is the first time the Ohio History Connection has been targeted with a ransomware attack
"One of the things that we're doing is we are we are moving to cloud based services, which will have some enhanced security. And then implementing new security systems of everyday use. Things that are meant to reduce our vulnerability," he said.
The FBI declined to comment on the investigation.