Cyber Incident Victim: Wooster-Ashland Regional Council of Governments

On May 26, 2017, the computer network of the Wooster-Ashland Regional Council of Governments (WARCOG) was breached, compromising over 200,000 records. WARCOG provided 911 emergency dispatching services for Ashland, Wooster, Orrville, and Kidron in Ohio. The breach remained undetected until June 28, 2017, when the FBI notified the organization about the intrusion. Law enforcement characterized the incident as a federal crime. The compromised records originated from police incident reports and contained sensitive personal information including names, Social Security numbers, and driver's license numbers. Officials confirmed the dispatch system itself was not subject to HIPAA regulations as it did not qualify as a covered entity under healthcare privacy rules.

WARCOG initiated response measures immediately after FBI notification, publicly disclosing the breach through a press release on July 1, 2017. The organization offered free credit monitoring and identity theft protection services to affected individuals and began direct notifications to those whose records were exposed. Officials emphasized that existing security measures prevented actual data loss, theft, or damage despite the breach. WARCOG collaborated fully with the FBI's criminal investigation while conducting an internal review of network security protocols, policies, and procedures. The Law Director stated the organization had previously implemented security measures considered advanced for the threat landscape, but nevertheless committed to strengthening defenses against increasingly sophisticated attacks. No connection was established between this incident and the contemporaneous WannaCry ransomware attacks that affected other organizations globally during the same timeframe.