West Chester, Ohio, investigates second cyberattack in two weeks

West Chester Township officials said they were alerted around 6:45 a.m. Tuesday to a potential intrusion by a “malicious hacking group” that appeared to target the township’s central email server. The incident is the second in a month for West Chester Township, Ohio; the first occurred on August 12 and was “isolated and contained,” officials said. The township reports no evidence of data theft to date and is working with the FBI Internet Crime Complaint Center, legal counsel and outside cybersecurity experts while a forensic review is underway.

The August 12 activity aligns with a same-day listing by a group calling itself PEAR on a ransomware/extortion site, which a threat-intel account said claimed possession of 2 terabytes of township data. Township officials have not verified those claims and have declined to name a group publicly while the investigation continues. Open-source tracking describes PEAR (often expanded as “Pure Extraction And Ransom”) as a recently emerged, data-extortion operation first seen in June 2025 that relies on data theft and publication threats rather than system encryption.

Operationally, West Chester has not announced major service outages tied to the township incident, and officials say protective steps are in place while email infrastructure is reviewed. Nearby Middletown, Ohio—also in Butler County—continues to grapple with a separate cybersecurity event that shuttered in-person services for police/public records, utility billing, income tax and the health department; 911 remained available, and some functions have gradually resumed. City leaders there have released few technical details and have not confirmed ransomware, keeping public statements limited as recovery proceeds. It is not yet clear whether the same threat actors are behind both communities’ incidents.