WHITEHALL, Ohio — The city of Whitehall has sent out 37,000 notification letters to people in 11 states and one U.S. territory alerting them that their personal information may have been compromised following a ransomware attack that happened in late May.
When asked why it took city administrators until December to notify those potentially affected, a city administrator told 10 Investigates that it has taken this long to identify those who may have been impacted.
City administrator Zach Woodruff also told 10 Investigates that after learning of the breach in late May, the city hired a law firm and a cybersecurity firm to help determine what happened.
Woodruff said the city did not pay the ransom and was able to retrieve the files that were compromised. He added no one from the city would be available for an interview.
Following the ransomware attack in late May, the city tweeted out on May 31 that “City Hall is closed to the public for the remainder of the day following technology issues. Our apologies for any inconvenience.” The tweet did not specifically mention the ransomware attack that occurred days earlier.
On Tuesday, the city posted a notification of the data breach to its website and included a Frequently Asked Questions tab should those impacted need to know more information.
The city is offering credit monitoring services as well.
Among the people impacted was Gregory Hensley who told 10 Investigates he hasn’t lived in Whitehall since 2014 but received a letter in the mail saying he was impacted. was concerned because he and his late wife were the victims of identity theft in the past.
When asked what the first thing that went through his mind upon receiving the letter, he said: “Panic.”
Whitehall Police tell 10 Investigates while an online group appeared to claim responsibility for the ransomware attack that affected city data, no arrests have been made.