The investigation into the incident remains ongoing with the assistance of third-party specialists, and it is not known yet what personal information, if any, may have been affected.
Clarification on whether this was resident or employee information was not given, though on Aug. 22, preliminary findings were released, stating some “city employee information may have been affected.”
The city did not give clarification on what type of employee data may have been accessed.
“These types of investigations are complex and time-consuming, but we are working diligently to complete it as soon as possible,” the city said in the statement.
Based on the results of the investigation, appropriate actions will be taken to notify and support any affected individuals, according to the statement.
Email, phone and website services remain unavailable to the city.
How can citizens pay bills, access services and contact city staff?
New utility bills are not being generated as of the date of the cybersecurity incident, which was on or about Aug. 17, according to Clayton Castle, Middletown communications manager.
Once the city is fully back online, utility billing and finance will begin to process new bills, according to the statement.
“We cannot estimate the timeline on when that might occur,” the statement read.
In-person payments for bills issued before services were down can be made online through InvoiceCloud or in person at the city building, but payments can only be made by credit card subject to credit card fees.
Utilities will not be shut off due to nonpayment during this time period.
Also, utility account information cannot be accessed and new utility accounts cannot be opened.
The income tax office is also now open and accepting payments, though account information cannot be accessed.
Middletown Municipal Court is running on its normal schedule, and anyone with a pending court case should report as scheduled. In-person services for court administration; criminal and traffic ticket payment; and clerk of courts and warrants are open.
All services have resumed at the Middletown Health Department, including birth and death certificates and inspections.
It is open to the public for in-person services 8 a.m. to 5 p.m. Monday-Friday at the city building.
Citizens needing to contact certain services can call established secondary phone lines:
Middletown Police (non-emergency): 513-425-7701. Those experiencing a criminal or medical emergency should call 911.
Middletown Health Department: 877-774-4636
Code enforcement: 513-635-2331
Building inspection/zoning: 513-760-8455
Middletown Regional Airport: 513-236-3238
The Event Center of Middletown: 513-567-0788
What cybersecurity experts say
Though the city has not directly commented on the nature of the incident, Richard Harknett, director of UC’s Center for Cyber Strategy and Policy and co-director of the Ohio Cyber Range Institute, said it was likely a ransomware attack.
“From the reporting that I have seen, it seems like a classic ... ransomware, encryption type attack,” Harknett said.
Alex Hamerstone, an Advisory Solutions Director at Trusted Sec, said these ransomware incidents are “extremely common.”
“Municipalities are a huge target for them,” he said.
The governments are hit because many do not have the budget or staff for best practice cybersecurity programs, according to Hamerstone.
Harknett added Middletown’s lack of specific details regarding the incident is “not unusual.”
“The general advice from FBI and other law enforcement agencies is to not talk publicly about this,” he said.
Though, he said, this practice is “very frustrating for the public.”
Hamerstone said municipalities have a “higher obligation” to communicate with their residents, but said many do not want to put out incorrect information or may not have all of the information.
Moving forward, there are ways for local governments to protect themselves from cybersecurity attacks, according to Harknett.
The Ohio Persistent Cyber Improvement Program for Local Governments is a free program offering cybersecurity training.
Cybersecurity incidents in Butler County
Middletown is the third Butler County government that has been affected by a cyberattack this year. Liberty and West Chester Twp. governments were impacted most recently.
On Aug. 25, West Chester Twp. was notified of a cybersecurity issue involving its network that targeted its central email service.
It was the township’s second such incident this month, with the first occurring Aug. 12. The first attack was isolated and contained, the township said in a statement.
Most email accounts for township representatives are back up as of Tuesday, Brianna Wooten, township spokeswoman said.
Liberty Twp. is also working with law enforcement and consultants to investigate a May 5 ransomware attack.
In July, letters went out to about 600 individuals — mostly employees — whose personal information may have been compromised. They are being offered identity theft and credit monitor services for 12 months, said Caroline McKinney, township administrator.
Writer Sue Kieswetter contributed to this report.
About the Author
