The Sheriff’s office of Warren County, Kentucky yesterday confirmed it notified an undisclosed number of people about a December 2025 data breach that compromised the following info:
- Names
- Social Security numbers
- Driver’s license numbers
- Health insurance ID numbers
A cybercriminal group called RansomHouse took credit for the breach. On its data leak website, RansomHouse said it stole 743 GB of data from the Warren County Sheriff’s Office, including weapon licenses and “videos and investigative materials demonstrating abuse of authority by officers.”
The group said the stolen data “also contains unedited audio recordings of incidents and crime scene photographs,” and “a list of county police informants with their personal information.”
The Warren County Sheriff has not acknowledged RansomHouse’s claim, and Comparitech cannot independently verify it. We do not know how many people the Sheriff notified about the breach, how attackers breached the Sheriff’s network, if the Sheriff paid a ransom, or how much RansomHouse demanded. Comparitech contacted the Warren County Sheriff’s Office for comment and will update this article if it replies.
“On December 20, 2025, the WCSO detected suspicious activity on our computer network,” says the sheriff’s March 5, 2026 notice (PDF) to victims. “As part of our ongoing investigation, we determined that cyber criminals accessed our network, copied and then removed some data from our network.”
The notice sent to breach victims does not mention any offer of free credit monitoring or identity theft insurance, which is typical after a breach of this severity.
Who is RansomHouse?
RansomHouse is a cybercriminal group that first emerged in 2021. It operates a ransomware-as-a-service (RaaS) scheme and in which third-party affiliates pay to use RansomHouse’s malware and infrastructure to launch attacks and collect ransoms. The malware can both lock down target systems and steal data from them.
The group made 51 attack claims in 2025. Of those, 16 were confirmed by the targeted organizations. Four of the confirmed attacks hit government entities. In addition to the Warren County Sheriff, they include:
- Supreme Administrative Court of Bulgaria
- Commune et CPAS de Jemeppe-sur-Sambre, Belgium
- Kulturrådet, the Swedish Arts Council
RansomHouse has made five attack claims so far in 2026 but none were confirmed yet.
Ransomware attacks on US government
Comparitech researchers logged 85 confirmed ransomware attacks on US government entities in 2025, which compromised more than 645,000 personal records in total.
Other such attacks in 2025 included:
- Peabody, MA warned 49,976 people of a June 2025 data breach claim by Interlock
- The Cheyenne and Arapaho Tribes reported a December 2025 data breach and refused to pay Rhysida’s $682,000 ransom
- Mission, TX notified 12,443 people of a February 2025 data breach claimed by Qilin
In 2026, we’ve recorded four confirmed ransomware attacks on US government entities including Midway, FL; New Britain, CT; Winona County, MN; and the Tulsa International Airport.
We’re monitoring 63 unconfirmed attacks claims made by ransomware gangs in 2025 and 18 in 2026 to date.
About the Warren County Sheriff
Warren County is the fifth-largest county in Kentucky with a population of about 148,000 people. The county seat is Bowling Green. The current sheriff is Brett Hightower, who was elected in 2018.
