Columbus Ransomware Attack Compromises Personal Data of Half a Million Residents
On August 17th, Columbus Mayor Andrew Ginther held a press conference to provide more details on the massive ransomware attack and data breach the city experienced in late July. The attack has resulted in reams of data, including personal information on both city employees and private citizens, being leaked onto the dark web.
Columbus Ransomware Attack Results in Far More Compromised Data than Initially Reported
Ginther acknowledged that the initial reports significantly underestimated the scale of compromised data. The attack likely compromised the personal information of around 500,000 Columbus residents, putting their financial security at risk. Data stolen includes scanned photo IDs, court documents, and potentially bank account information.
This contradicts earlier statements from Ginther that claimed only encrypted city employee data was accessed. Local cybersecurity experts have found evidence of a much wider breach by analyzing data dumps on the dark web. Ginther took responsibility for providing inaccurate initial information but claims it was the best information available at the time.
Ransomware Group Demanded $1.66 Million to Keep Data Private
The attack was carried out by the ransomware group “Rhysida”, who demanded $1.66 million in Bitcoin as ransom to keep the stolen data private. While the city has not paid any ransom, Ginther explained they expanded credit monitoring to all residents due to the assumption that more personal data will be leaked online.
Investigation Ongoing, More Bad News Expected
Ginther stated the technical investigation into the attack is still ongoing and further analysis may reveal additional data was compromised. Systems are being prioritized for restoration to allow basic services to function, but this could risk exposing more data. No written reports have been provided to officials yet due to the complexity of analyzing breached systems and stolen data across different departments.
Ginther promised to provide further details as the investigation continues. The city has partnered with the Ohio National Guard for technical assistance and will provide free credit monitoring through November in an effort to help protect affected residents from financial fraud or identity theft. Columbus residents are advised to regularly monitor statements and reports for suspicious activity.