The City of Columbus, Ohio, notified 500,000 individuals that a ransomware gang stole their personal and financial information in a July 2024 cyberattack.
Ohio's capital city (with a population of over 905,000) was hit by the ransomware attack
on July 18. The resulting outages affected various services and IT connectivity between public agencies.
City officials
announced at the end of July that no systems had been encrypted and revealed that the City's administration was still investigating the possibility that sensitive data had been stolen during the breach.
The Rhysida ransomware gang claimed the attack the same day, alleging they had stolen databases containing 6.5 TB of data, including employee credentials, city video camera feeds, server dumps, and other sensitive information.
After failing to extort the City, the threat actors started leaking the stolen data, publishing 45% of stolen data comprising 260,000 documents (3.1 TB) on the gang's dark web leak portal.
Following this, Columbus Mayor Andrew Ginther told local media that the leaked data should not concern the public because it was "encrypted or corrupted."
However, security researcher David Leroy Ross (aka Connor Goodwolf) disputed the Mayor's claim,
sharing samples of the leaked data with media outlets to illustrate that it contained unencrypted personal information belonging to city employees, residents, and visitors.
The City
filed a lawsuit alleging Goodwolf's spreading stolen data was illegal and negligent. It sought damages of $25,000 and a temporary restraining order and permanent injunction against the researcher to prevent further dissemination of the leaked data. A Franklin County judge
issued a temporary restraining order barring Goodwolf from downloading and disseminating the City's stolen data.
However, despite the City's previous claims that the leaked data was unusable, as shown in
breach notification letter samples filed with Maine's Office of the Attorney General, it
notified 500,000 individuals in early October that the attackers stole and published some of their personal and financial information on the dark web.
