Warren County Sheriff’s Office Hit by Massive Data Breach Linked to RansomHouse
The Warren County Sheriff’s Office (WCSO) in Kentucky disclosed a December 2025 data breach affecting an undisclosed number of individuals, exposing sensitive personal information, including names, Social Security numbers, driver’s license details, and health insurance IDs. The cybercriminal group RansomHouse claimed responsibility, alleging it stole 743 GB of data including weapon licenses, investigative materials, unedited audio recordings, crime scene photographs, and a list of police informants with their personal details.
In a March 5, 2026, notice to victims, the WCSO confirmed detecting "suspicious activity" on its network in December 2025, later determining that attackers accessed, copied, and exfiltrated data. The sheriff’s office has not addressed RansomHouse’s claims, nor has it disclosed whether a ransom was paid or demanded. Notably, the breach notification did not include offers of credit monitoring or identity theft protection, a common response in incidents of this scale.
RansomHouse, a ransomware-as-a-service (RaaS) group active since 2021, operates by leasing its malware and infrastructure to affiliates. In 2025, the group claimed 51 attacks, of which 16 were confirmed. Four of those targeted government entities, including Bulgaria’s Supreme Administrative Court, a Belgian municipality, and Sweden’s Arts Council. So far in 2026, RansomHouse has made five claims, none yet verified.
The WCSO breach is part of a broader surge in ransomware attacks on U.S. government agencies. In 2025, researchers recorded 85 confirmed incidents, compromising over 645,000 records. Other notable 2025 breaches included attacks on Peabody, MA (49,976 affected), the Cheyenne and Arapaho Tribes (refused a $682,000 ransom), and Mission, TX (12,443 notified). In 2026, four additional U.S. government entities have already confirmed ransomware incidents.
Warren County, Kentucky’s fifth-largest county, has a population of approximately 148,000, with Bowling Green as its county seat. Sheriff Brett Hightower, elected in 2018, leads the agency. The full scope of the breach, including the attack vector and total number of affected individuals, remains unclear.
Source: https://www.comparitech.com/news/a-kentucky-sheriff-warns-residents-of-data-breach-that-leaked-ssns/
Warren County Sheriff's Office cybersecurity rating report: https://www.rankiteo.com/company/warren-county-sheriff's-office
{
  "id": "WAR1772821739",
  "linkid": "warren-county-sheriff's-office",
  "type": "Ransomware",
  "date": "12/2025",
  "severity": "100",
  "impact": "5",
  "explanation": "Attack threatening the organization's existence"
}
{'affected_entities': [{'industry': 'Law Enforcement',
                        'location': 'Warren County, Kentucky, USA',
                        'name': 'Warren County Sheriff’s Office (WCSO)',
                        'size': 'Medium (serving ~148,000 population)',
                        'type': 'Government Agency'}],
 'customer_advisories': 'Breach notification sent to affected individuals',
 'data_breach': {'data_exfiltration': 'Yes',
                 'file_types_exposed': ['Audio recordings',
                                        'Photographs',
                                        'Documents'],
                 'personally_identifiable_information': 'Yes',
                 'sensitivity_of_data': 'High',
                 'type_of_data_compromised': ['Names',
                                              'Social Security numbers',
                                              'Driver’s license details',
                                              'Health insurance IDs',
                                              'Weapon licenses',
                                              'Investigative materials',
                                              'Unedited audio recordings',
                                              'Crime scene photographs',
                                              'List of police informants with '
                                              'personal details']},
 'date_detected': '2025-12',
 'date_publicly_disclosed': '2026-03-05',
 'description': 'The Warren County Sheriff’s Office (WCSO) in Kentucky '
                'disclosed a December 2025 data breach affecting an '
                'undisclosed number of individuals, exposing sensitive '
                'personal information, including names, Social Security '
                'numbers, driver’s license details, and health insurance IDs. '
                'The cybercriminal group *RansomHouse* claimed responsibility, '
                'alleging it stole 743 GB of data including weapon licenses, '
                'investigative materials, unedited audio recordings, crime '
                'scene photographs, and a list of police informants with their '
                'personal details.',
 'impact': {'brand_reputation_impact': 'High',
            'data_compromised': '743 GB',
            'identity_theft_risk': 'High'},
 'investigation_status': 'Ongoing',
 'motivation': 'Financial gain, Data exfiltration',
 'ransomware': {'data_exfiltration': 'Yes',
                'ransomware_strain': 'RansomHouse (RaaS)'},
 'references': [{'date_accessed': '2026-03-05',
                 'source': 'WCSO Breach Notification'}],
 'response': {'communication_strategy': 'Breach notification to victims on '
                                        'March 5, 2026'},
 'threat_actor': 'RansomHouse',
 'title': 'Warren County Sheriff’s Office Data Breach Linked to RansomHouse',
 'type': 'Data Breach, Ransomware'}