OH: Security breach at software provider affects software in registrar’s office and other vendor clients (UPDATED)

UPJobNews reports:

Lawyers, title company workers and citizens trying to register documents before the end of 2022 found they can’t for now thanks to a security breach affecting the Columbiana County Recorder’s office.

No other Columbiana County offices or servers are affected.

County Recorder Jim Armeni Sr. announced the issue Thursday, posted a note on his office door and posted a press release on the office’s website in an effort to notify everyone, as well as contacting the local press.

Notice on Recorder’s Office Door. Image: DataBreaches.net.

According to Armeni, he received a notification on Monday from Cott, the registry office’s software provider, that a security threat had been detected on Christmas Day. He said the situation is also affecting recorder’s offices in Lorain, Portage, Delaware, Knox, Ashtabula and Morrow counties, along with other companies and government agencies in other states.

Read more at UPJobNews.

Update 1: When I posted news of this breach on Mastodon, Kevin Beaumont helpfully provided context to the incident. All quotes below are from him:

As reported by @PogoWasRight, there is a security incident at court records across the US. databreaches.net/oh-security-b

In this thread I will dig into what happened. Headline: Cott Systems got hit on Xmas day, looks like ransomware to me.

Their network boundary systems are all offline. If you want to Shodan it, it’s org: “COTT SYSTEMS” #CottSystems

[Image: Cott Systems search results on Shodan]

They run Exchange with OWA facing the internet, and by mid-November hadn’t applied the #ProxyNotShell patch. #CottSystems

[Image: General Info on Cott Systems from Shodan OWA]

On the Exchange box IP they also had SonicWALL’s management interface facing the internet.

[Image: Sonic Wall]

About the author: Dissent
