The city of Middletown, Ohio today confirmed it notified 123,791 people of a July 2025 data breach that compromised the following personal information:
- Names
- Social Security numbers
- Financial account info
- Medical info
- Health insurance info
- Addresses
- Government-issued ID (e.g. driver’s license)
The cyberattack disrupted city services including water utility billing, which wasn’t fully restored until months later in January 2026.
A ransomware group called SafePay took credit for the breach on September 12, 2025.
The city of Middletown has not acknowledged SafePay’s claim and Comparitech cannot independently verify its authenticity. We do not know how attackers breached the city’s network, if the city paid a ransom, or how much SafePay demanded. Comparitech contacted Middletown officials for comment and will update this article if it replies.
“On August 17, 2025, Middletown learned certain systems within our network
environment were affected by a data security incident,” says the city’s notice (PDF) to victims.
“Following a forensic investigation and extensive manual document review, we discovered on May 18, 2026, that the files that were removed from the network by an unauthorized third-party actor between July 29, 2025 and August 17, 2025.”
Who is SafePay?
SafePay is a ransomware gang that started adding targeted organizations to its data leak site in November 2024. The group uses LockBit-based ransomware. It employs a double-extortion scheme in which a ransom is demanded to restore systems and to delete stolen data.
The group has claimed responsibility for 505 ransomware attacks in total. Of those, 76 were publicly confirmed by the organizations SafePay targeted.
13 of SafePay’s confirmed attacks hit government agencies and public utilities. In addition to Middletown, SafePay took credit for breaches at:
- Gemeinde Kirkel, Germany in March 2025
- Payne County Sheriff’s Office, OK in May 2025
- Liberty Township, OH in May 2025
- Cámara de Comercio de Valencia, Spain in June 2025
- Gemeinde Glatten, Germany in September 2025
- Gemeinde Untereisesheim, Germany in October 2025
- Stadtwerke Clausthal-Zellerfeld, a German public utility company, in October 2025
- Abfallentsorgung Kreis Kassel, a German public utility company, in February 2026
- Harrison County, WV in April 2026
- Soraris, an Italian public utility company, in April 2026
Ransomware attacks on US government
Comparitech researchers logged 88 confirmed ransomware attacks on US government entities in 2025. Those attacks compromised nearly 800,000 records in total. This attack on Middletown was the second-largest in 2025 after the Pierce County Library System in Washington, which notified 336,000 people.
Earlier this month, the city of La Vergne, TN notified 25,728 people of an October 2025 data breach. Another ransomware group called DragonForce claimed responsibility.
In 2026 to date, we’ve recorded 29 more confirmed attacks against US government entities, which have leaked 169,000 personal records. The largest was a breach in Suffolk, VA, which notified 157,000 people of a February 2026 attack claimed by Cloak.
Ransomware attacks on US government agencies and departments can both steal data and lock down computer systems. The attacker then demands a ransom to delete the stolen data and in exchange for a key to recover infected systems. If the target doesn’t pay, it could take weeks or even months to restore systems, and people whose data was stolen are put at greater risk of fraud. Ransomware can disrupt everything from communications to billing, payroll, access to data and applications, and online services.
About Middletown, OH
Middletown, Ohio is home to about 50,000 people in Butler and Warren Counties. It’s part of the Cincinnati metropolitan area.