Download Privacy Needle App

Type to search

News

U.S. Government Reportedly Paid $1M After Massive Data Theft

Share
A U.S. government entity reportedly paid $1 million in Bitcoin to a cyber extortion group after sensitive data was stolen, highlighting a growing trend in which hackers

U.S. Government Quietly Paid Hackers $1 Million After Massive Data Theft, Report Reveals

  • U.S. Government Paid Hackers $1 Million Without a Single File Being Encrypted
  • Hackers Scored $1M From U.S. Government Using a New Extortion Tactic
  • New Report Reveals Secret $1 Million Payment to Cyber Extortion Group
  • No Ransomware, No Encryption Yet Hackers Still Won $1 Million
  • Cybercriminals Are Changing the Rules and Governments Are Paying the Price

A U.S. government entity reportedly paid $1 million in Bitcoin to a cyber extortion group after sensitive data was stolen, highlighting a growing trend in which hackers no longer need to encrypt systems to secure massive ransom payments.

The payment, detailed in a new case study by Ransom-ISAC, was allegedly made to the cybercriminal group Kairos following weeks of negotiations. Investigators say the attackers relied entirely on stolen data as leverage, threatening to publish confidential files unless the victim paid.

No Ransomware, Just Stolen Data

Unlike traditional ransomware attacks that lock computers and demand payment for decryption keys, the Kairos operation reportedly involved no file encryption at all.

Instead, the attackers claimed to have stolen more than 2 terabytes of data including approximately 1.6 million files before demanding an initial ransom of $3 million. After nearly a month of negotiations, the payment was reduced to roughly $1 million, which was transferred in Bitcoin in June 2025. Researchers traced the cryptocurrency through multiple wallets linked to major exchanges.

Clues Point to an Ohio Government Network

Although the case study does not officially identify the victim, investigators say leaked negotiation records strongly suggest the compromised organization was Union County, Ohio.

The county disclosed a cyber incident in 2025 affecting tens of thousands of residents, with stolen information reportedly including Social Security numbers, financial records, passport information, and fingerprints. Neither Union County nor Kairos has publicly confirmed the connection.

Paying Doesn’t Guarantee Data Is Safe

After receiving the payment, Kairos reportedly provided what it described as “proof of deletion.” However, cybersecurity researchers caution that there is no reliable way to verify whether stolen files have actually been erased.

Experts warn that paying cybercriminals remains a high-risk decision because attackers may retain copies of the data, sell it to other threat actors, or return with additional extortion demands.

A New Era of Cyber Extortion

The incident underscores a major shift in cybercrime. Increasingly, threat groups are abandoning traditional ransomware in favor of pure data extortion, where the threat of exposing stolen information becomes the primary weapon.

Security researchers note that many modern cyberattacks now focus on stealing sensitive data rather than disrupting operations, allowing criminals to pressure victims without deploying encryption malware. This approach is becoming increasingly common against government agencies, healthcare providers, and businesses that manage large volumes of confidential information.

As cyber extortion tactics continue to evolve, the case serves as a stark reminder that organizations must invest not only in ransomware defenses but also in preventing data theft, strengthening identity security, and preparing for increasingly sophisticated extortion campaigns.

Watch Our Latest Video
Stay ahead with expert insights on privacy, cybersecurity, artificial intelligence, data protection and compliance.
minnesota fraud crackdown shorts #Minnesota #Fraud #CyberNews #IdentityTheft #Shorts
Published: May 27, 2026
Daily Privacy News
Cybersecurity Updates
Data Protection Tips
GDPR & NDPA Explained
Tags:
Ikeh James Certified Data Protection Officer (CDPO) | NDPC-Accredited

Ikeh James Ifeanyichukwu is a Certified Data Protection Officer (CDPO) accredited by the Institute of Information Management (IIM) in collaboration with the Nigeria Data Protection Commission (NDPC). With years of experience supporting organizations in data protection compliance, privacy risk management, and NDPA implementation, he is committed to advancing responsible data governance and building digital trust in Africa and beyond. In addition to his privacy and compliance expertise, James is a Certified IT Expert, Data Analyst, and Web Developer, with proven skills in programming, digital marketing, and cybersecurity awareness. He has a background in Statistics (Yabatech) and has earned multiple certifications in Python, PHP, SEO, Digital Marketing, and Information Security from recognized local and international institutions. James has been recognized for his contributions to technology and data protection, including the Best Employee Award at DKIPPI (2021) and the Outstanding Student Award at GIZ/LSETF Skills & Mentorship Training (2019). At Privacy Needle, he leverages his diverse expertise to break down complex data privacy and cybersecurity issues into clear, actionable insights for businesses, professionals, and individuals navigating today’s digital world.

  • 1

You Might also Like

Leave a Reply

Your email address will not be published. Required fields are marked *

  • Rating

This site uses Akismet to reduce spam. Learn how your comment data is processed.