The Metropolis of Columbus, Ohio, has notified 500,000 residents that their private information might have been compromised in a ransomware assault that occurred in mid-July 2024.
Though officers initially claimed that solely corrupted information had been taken, data from a safety researcher has revealed that the information was certainly exfiltrated and posted on the darkish net.
The July 18 assault led the town to take essential methods offline, disrupting a number of municipal companies in an effort to comprise the breach.
Rhysida Ransomware Group Claims Accountability
The Rhysida ransomware group has claimed duty for the assault. This cybercriminal group, believed to have ties to Russian risk actors, initially sought a ransom from Columbus, stating it had stolen 6.5 TB of knowledge.
After failed negotiations with the town, Rhysida allegedly posted 3.1 TB of this information on its darkish net leak website. This publicity has grow to be probably the most vital public sector information breaches in current historical past.
The compromised information reportedly contains:
Columbus Takes Authorized Motion In opposition to Safety Researcher
The state of affairs escalated when Columbus filed a lawsuit in opposition to safety researcher David Leroy Ross in early August.
Ross, generally known as “Connor Goodwolf,” knowledgeable native media that residents’ private data had been uploaded to the darkish net. This disclosure immediately contradicted Columbus officers’ earlier assertions that solely unusable, corrupted information had been stolen.
Learn extra on defending delicate information from ransomware: How one can Defend In opposition to Fashionable Ransomware Assaults
Following Ross’s revelations, cyber analysts reviewed samples of the stolen information, discovering a major quantity of delicate information, together with databases, password logs, cloud administration information, worker payroll data and even footage from metropolis site visitors cameras.
The town mentioned it has since dedicated to enhancing its cybersecurity protocols to forestall related assaults sooner or later.
With a inhabitants of 915,000, Columbus knowledgeable the Maine Legal professional Normal’s Workplace that the breach may have an effect on roughly 55% of its residents.
The town is offering two years of free credit score monitoring and id safety companies for impacted residents. Going through mounting public stress, Columbus officers are actually beneath scrutiny to enhance information safety and guarantee clear communication concerning the extent of the breach.
