Cyber Incident Victim: Scioto County

On January 24, 2025, Scioto County, Ohio, experienced an external system breach resulting from hacking activity. The intrusion remained undetected until March 14, 2025, when county officials discovered unauthorized access to their information systems. The breach compromised personal data of 1,380 individuals, including one Maine resident among those affected. Compromised information included names combined with other personal identifiers, though the specific additional data elements were not detailed in the notification. Scioto County engaged legal counsel from Eckert Seamans Cherin & Mellott, with partner Matthew Meade serving as the primary contact for breach-related communications. The county government, located at 602 7th St in Portsmouth, Ohio, operated as the impacted entity responsible for notifying affected parties. No prior breach notifications had been issued by the county within the preceding twelve-month period.

Scioto County initiated written notifications to all affected individuals on April 3, 2025, including a dedicated notice for the impacted Maine resident documented in the file Scioto_County_4.3.25_L01.pdf. The county offered identity theft protection services through Experian, providing twelve months of credit monitoring and identity restoration assistance to breach victims. The delayed discovery timeline indicated a fifty-day period between the intrusion and its detection. County officials did not disclose whether law enforcement agencies were investigating the incident or whether forensic analysis revealed the attack methodology. The breach reporting complied with Maine's data security breach notification requirements despite only one resident of that state being affected. No information was provided regarding system remediation efforts or enhanced security measures implemented post-breach.