Golf Manor, Ohio, had suffered a ransomware attack that encrypted its network and backups. A draft resolution on the village website said the village had “become the victim of a cybersecurity ransomware attack” and set conditions for any ransom payment. I watched the Nov. 24 council meeting, read the resolution and wrote up the incident for DysruptionHub, tagging it as “Original Reporting,” then posted the link in the r/Cincinnati subreddit to get local eyes on it.
By the next morning, WLWT had a story on its site: “Ransomware attack infiltrates village of Golf Manor’s internal computer network.” It cited the same council meeting and described backups as encrypted, just as the resolution did. Other Cincinnati outlets soon followed with their own versions.
At no point did any of them say, “As first reported by DysruptionHub.”
This is not a one-off
If Golf Manor were the only time I watched my scoop come back to me without credit, I might chalk it up to coincidence. It is not.
On Aug. 25, the Texas attorney general’s office quietly posted a “Public Information Act Catastrophe Notice” from the city of Greenville. It said city servers had been “attacked by a ransomware group,” that officials had no access to police or other records and that about 20 public information requests were on hold. The notice sat on a little-seen page where governments file catastrophe notices.
I spotted it, recognized it as a serious incident and that same day published “Greenville, Texas, suspends records after ransomware cripples servers” on DysruptionHub, then shared the story in r/Texas so people in the region would see it. The next afternoon, KERA in Dallas ran its own piece describing the same attack and loss of records, with no mention that an independent outlet had already surfaced the filing.
I do not claim ownership of public records. I am not asking for exclusivity over a council packet or a catastrophe notice. I am asking for something far smaller and more basic: an honest acknowledgment that someone else got there first. “As first reported by DysruptionHub” would have done the job.
This is specialized beat work, not random luck
I am not a general assignment reporter who happens to bump into cyber incidents between car crashes and ribbon cuttings. DysruptionHub exists to track cyber events that hit governments and public services. It is part journalism, part open-source intelligence.
Most days my work means following paper trails: combing government sites for hints of trouble, reading fine print in local meeting packets almost no one else is watching, noticing when a small office or vendor says its systems are “temporarily unavailable.” It is not glamorous, but it is pattern-spotting most general assignment desks do not have the time or focus to do. So when I publish a story built off those signals and, hours or a day later, a local outlet appears with the same incident built on the same document, it is hard to believe we all had the same idea at the same time.
Very often, I can see the pipeline. Once a piece is published on DysruptionHub, I share it in the relevant local subreddit. In the Golf Manor case, I posted the story to Reddit and, within hours, WLWT published its piece built off the same council meeting and resolution language.
I do not begrudge anyone using it that way. What bothers me is when the pipeline ends with a segment or web story that tells viewers “local officials report” or “News X has learned,” without ever admitting that the first clue came from someone else’s reporting. Verification is important. But verification is not the same thing as discovery, and the ethics that are supposed to govern this profession are clear about how we should treat other people’s work.
The ethics aren’t vague
The Society of Professional Journalists’ Code of Ethics boils this down to a blunt line: “Never plagiarize. Always attribute.” If your story exists because you saw someone else’s reporting and then matched or advanced it, the ethical move is to say so, “As first reported by [Publication]” or “According to reporting from [Reporter] at [Outlet]”, and link to the original work.
That does not mean every story that mentions a ransomware attack has to trace its lineage back through every prior mention. It does mean that when your only reason for knowing about Golf Manor or Greenville is that you saw another outlet’s reporting, you owe your audience an honest explanation of how the story came to you. Attribution is not charity. It is transparency.
Why it matters to more than my ego
I can already hear the response: Who cares who was first. The public just needs the information.
The public does need the information. That is exactly why this pattern is troubling. For small newsrooms and independent projects, being first is one of the only ways to be visible. A credited link from a major outlet can bring readers who would never otherwise find a niche site like DysruptionHub. Silent reuse does the opposite. It keeps audiences locked into the biggest brands, even when those brands did not do the discovery work.
Attribution also teaches people how news is made. “As first reported by” quietly admits that good stories often start outside a station’s walls, with freelancers, small outlets and public-records sleuths. It tells viewers there is a broader watchdog ecosystem and, especially in cyber coverage, helps prevent confusion about who has actually verified what.
A small fix
None of this requires TV stations or metro papers to stop covering cyber incidents that small outlets uncover. I want more local newsrooms to take these attacks seriously, hold their governments accountable and follow up when the recovery costs hit the budget.
The fix I am asking for is modest: If your newsroom learned of an incident from another outlet’s reporting, say so plainly. Use language like “as first reported by DysruptionHub” or “according to reporting from DysruptionHub” in your script and web copy. Link directly to the original story online. That is it. No groveling, no credits roll. Just a line or two that acknowledges how the story entered your newsroom.
Local TV and local news sites can do this. They can still verify the facts, still send a camera to city hall, still describe the ransomware attack as “confirmed by local officials.” Basic attribution does not stop them from doing journalism. It only stops them from standing on someone else’s shoulders while pretending the view is entirely their own.
I run a small outlet on a narrow beat. DysruptionHub will never match WLWT’s ratings or KERA’s audience. I chose this work because I care about how cyber incidents hit public services and local government, and because someone has to sit with the dull public records until the uncomfortable facts surface.
What I am asking from the local TV and local newsrooms that sometimes arrive after I have done that digging is not special treatment. It is the same basic respect they expect from each other. They would not be happy if a national network rewrote their scoop about a city hall corruption scandal without a hint of credit. They should not do to smaller outlets what they would never accept themselves.
The public deserves to know who is actually watching these systems and doing the unglamorous work before anyone calls a press conference. Sometimes that is the local TV newsroom. Sometimes it is the tiny cyber outlet they first saw in a Reddit tab.
