“Please be assured that an exhaustive review of the recent cyber incident is currently underway,” said Ken Brown, city spokesman. “This analysis is detailed and deliberated, and a specialized team of professionals is dedicating the necessary time and expertise to complete this work thoroughly.”
All digital services accessed by Middletown citizens are fully operational, Brown said, including fingerprinting services, public records requests and background checks.
“We extend our sincere appreciation to our residents for their patience as we undertook a comprehensive and methodical process to restore these systems,” Brown said.
City officials did not have further comment on whether possible information accessed was unknown or unable to be released or whether there was a timeline for when that information might be known and/or released.
In November, Journal-News asked city staff why certain information cannot be released.
In response, city staff said if certain information is not released, it is typically because staff have not yet confirmed information to be 100% true, or releasing the information could affect the investigation.
Middletown restored water billing in mid‑January following a months‑long billing outage caused by a cyberattack that occurred in mid‑August.
The city established a grace period through Aug. 31, 2026 for customers to pay balances accrued during the outage. These charges appear in the “current due” section of January water bills, and no late fees will be charged during the grace period on this amount.
In early October, city phone lines, Wi-Fi and email accounts were restored.
Public and police record requests can be fulfilled online at this time, though longer wait times are expected due to a high volume of requests.
Based on October and November contracts, the city has voted to spend $1,029,410 on cyber-related contracts, restoration and equipment.
This includes a $250,000 contract with Moraine-based SecureCyber “on an as needed basis.” A master services agreement was also entered for ongoing threat monitoring, incident response readiness and system hardening. This agreement for August through December 2025 totals $79,400. For 2026 and 2027, the contract totals $202,200 per year.
The city also voted in December to advance $1 million to pad the solid waste, transit and storm water funds since payments had not been distributed due to inactive billing.
Additional documentation on money spent because of the cybersecurity incident was requested via a public records request in October by Journal-News but has not been received.
About the Author
