Cleveland’s judicial system came to a grinding halt on February 22nd when hackers infiltrated the Cleveland Municipal Court’s network, forcing both it and the Cleveland Housing Court to shut down for more than two weeks. The courts finally reopened on March 12th, but with limited operations and a still-disabled website.
But here’s where things get really interesting. Shortly after the attack, someone claiming to be the hacker reached out directly to News 5 Cleveland, demanding a hefty $4 million ransom to prevent the release of what they claim are thousands of stolen sensitive documents.
The Residents Are Being Led by the Nose
That’s how the alleged hacker first introduced themselves to News 5 on February 25th, just two days after the court announced its shutdown due to a “cyber incident.” The cryptic message came with an ominous offer: “We are ready to tell you the details of the cyberattack.”
When pressed for more information, the purported hacker explained that the attack occurred overnight between February 22nd and 23rd. They claimed their group had been in the court’s systems “for a very long time,” downloading “very large amounts of personal data that were not protected in any way.”
The scope of the alleged theft is staggering: “Personal files (of the accused, convicts, employees, residents) were stolen. These are hundreds of thousands of documents.”
Show Me the Proof
News 5 didn’t just take the hacker’s word for it. When they requested evidence, the alleged attacker delivered a list of thousands of supposedly stolen files, including spreadsheets, IRS forms, and documents from vendors like banks and law firms.
Even more concerning, they sent screenshots containing what appeared to be court employees’ personal information—including social security numbers, which News 5 promptly destroyed. They also shared screenshots that seemed to show negotiation messages between themselves and court officials.
In one particularly telling exchange, the alleged hacker complained about the court’s “rudeness” for not responding and threatened to publish the stolen information on their blog. A message that appears to be from court officials claimed they weren’t being silent, explaining that “Someone opened this not understanding what it really was and hadn’t told us they did.”
The $4 Million Question
What does $4 million buy you these days? According to the alleged hacker, it would purchase the court’s peace of mind. If paid, they claimed they would delete all stolen data, ensuring “nobody would ever know about it.” They even offered to provide security recommendations to prevent future attacks—a somewhat ironic customer service offering.
As of the most recent communication with News 5, the court had reportedly not paid the ransom. And based on Cleveland’s previous stance during a cyberattack on city hall last summer, they likely won’t. During that incident, the city firmly stated it would not negotiate with cyberattackers.
When asked if they were responsible for last summer’s attack as well, the alleged hacker replied, “No, this is not our job.”
The Troubling Silence
Perhaps the most concerning aspect of this whole situation isn’t the attack itself—it’s the lack of communication. For weeks, News 5 has attempted to get answers from Cleveland Municipal Court officials and to share the information sent by the alleged hacker. They’ve repeatedly asked whether anything has been done to warn court employees or the public about potential data exposure.
So far, the court hasn’t talked. No one will answer questions about the scope of the breach, the legitimacy of the ransom demand, or what steps are being taken to secure personal information that may have been compromised.
A Growing Trend in Public Sector Attacks
The Cleveland Municipal Court attack isn’t happening in isolation. Public institutions have increasingly become prime targets for ransomware attacks, and for good reason. They often maintain sensitive personal data, operate on outdated systems due to budget constraints, and face challenges implementing robust security measures.
Bryan Brandeberry, senior director of security operations at The E.W. Scripps Company (News 5’s parent company), noted it’s difficult to determine whether the person who contacted News 5 was the actual attacker or someone who purchased the stolen information from the dark web. “Either way, they’re likely the people trying to extort money or ransom for the data,” he explained.
What This Means for Cleveland Residents
If the hacker’s claims are true, this breach could have serious implications for anyone who’s interacted with the Cleveland Municipal Court system. The alleged stolen files contain personal information of accused individuals, convicts, employees, and residents—potentially exposing thousands to identity theft and other forms of fraud.
Yet without official confirmation or denial from the court, it’s impossible to know exactly what information might be at risk or how many people could be affected. This lack of transparency leaves Cleveland residents in an information vacuum, unable to take steps to protect themselves if their data has indeed been compromised.
The Bigger Picture: Why Courts Make Attractive Targets
Courts maintain vast repositories of sensitive information—from social security numbers to financial records, criminal histories to personal addresses. This treasure trove of data makes them particularly valuable targets for cybercriminals looking to extort money.
What’s more, many court systems run on antiquated technology infrastructure with security protocols that haven’t kept pace with evolving threats. Budget constraints often mean that necessary security upgrades take a backseat to other priorities, creating vulnerabilities that sophisticated hackers can exploit.
