Ransomware Hits Columbus: 500,000 Residents’ Data Compromised

Sophia Taylor

By Sophia Taylor

Published:

A recent cyberattack on the City of Columbus, Ohio, has exposed sensitive information of approximately 500,000 residents, accounting for over half of the city’s population.

The attack, attributed to the Rhysida ransomware gang, has left both residents and city officials grappling with the fallout of one of the most significant data breaches in Columbus’s history.

The Scope of the Attack

The attack, which took place on July 18, 2024, compromised Columbus’s IT infrastructure and disrupted numerous public services. Initial city statements reassured residents that the attackers did not encrypt systems with ransomware.

However, they later confirmed that the hackers had successfully accessed 6.5 terabytes of data. This trove included first and last names, dates of birth, Social Security numbers, addresses, bank details, driver’s license numbers, and other identifying details linked to interactions with the city.

Further, the breach impacted several internal city systems, with the ransomware group reportedly obtaining employee credentials, video feeds, system backups, cloud data files, and even access to the city’s traffic cameras.

The leaked data has since been partially published on the dark web, raising significant concerns about privacy and security.

Rhysida Gang’s Extortion Attempt and Data Leak

After stealing the data, the Rhysida ransomware gang attempted to extort the City of Columbus, demanding payment in exchange for keeping the information private.

When their demands went unmet, the group released around 3.1 terabytes of data—representing roughly 45% of the stolen information—on a dark web portal accessible to cybercriminals. This release included 260,000 documents, many containing highly sensitive details.

Initially, city officials claimed that the data Rhysida leaked was encrypted or corrupted, suggesting it was unlikely to harm affected individuals.

However, security researcher David Leroy Ross later contradicted this assertion. He presented media outlets with unencrypted data samples that showed residents’ and employees’ sensitive information was indeed accessible and potentially usable.

In response, the city filed a lawsuit against Ross, alleging that his actions were reckless and spread stolen information. A temporary restraining order was issued, preventing him from further disseminating the leaked data.

Steps Taken to Support Affected Residents

Columbus city officials began notifying the 500,000 affected individuals in early October, detailing the compromised information and encouraging them to monitor their financial accounts for suspicious activity.

Recognizing the potential long-term impact on residents, the city is offering 24 months of free credit monitoring and identity restoration services to help mitigate potential risks.

Despite these efforts, the incident has left many residents concerned about their personal security and unsure of the long-term implications of this breach.

Columbus authorities are still investigating, but the breach highlights the need for stronger cybersecurity measures within public institutions, as well as increased transparency with affected communities when such breaches occur.

As investigations continue, the City of Columbus faces mounting pressure to address vulnerabilities and improve cybersecurity protocols to protect its residents from future attacks.