City of Columbus: Data of 500,000 stolen in July ransomware attack
The City of Columbus, Ohio, notified 500,000 individuals that a ransomware gang stole their personal and financial information in a July 2024 cyberattack.
Ohio's capital city (with a population of over 905,000) was hit by the ransomware attack on July 18. The resulting outages affected various services and IT connectivity between public agencies.
City officials announced at the end of July that no systems had been encrypted and revealed that the City's administration was still investigating the possibility that sensitive data had been stolen during the breach.
The Rhysida ransomware gang claimed the attack the same day, alleging they had stolen databases containing 6.5 TB of data, including employee credentials, city video camera feeds, server dumps, and other sensitive information.
After failing to extort the City, the threat actors started leaking the stolen data, publishing 45% of stolen data comprising 260,000 documents (3.1 TB) on the gang's dark web leak portal.
Following this, Columbus Mayor Andrew Ginther told local media that the leaked data should not concern the public because it was "encrypted or corrupted."
However, security researcher David Leroy Ross (aka Connor Goodwolf) disputed the Mayor's claim, sharing samples of the leaked data with media outlets to illustrate that it contained unencrypted personal information belonging to city employees, residents, and visitors.
The City filed a lawsuit alleging Goodwolf's spreading stolen data was illegal and negligent. It sought damages of $25,000 and a temporary restraining order and permanent injunction against the researcher to prevent further dissemination of the leaked data. A Franklin County judge issued a temporary restraining order barring Goodwolf from downloading and disseminating the City's stolen data.
However, despite the City's previous claims that the leaked data was unusable, as shown in breach notification letter samples filed with Maine's Office of the Attorney General, it notified 500,000 individuals in early October that the attackers stole and published some of their personal and financial information on the dark web.
"The information involved in the Incident may have included your personal information, such as your first and last name, date of birth, address, bank account information, driver's license(s), Social Security number, and other identifying information concerning you and/or your interactions with the City," the breach notification letters reveal.
Although the City has yet to find evidence their data was misused, it advises the individuals impacted by this breach to monitor their credit reports and financial accounts for signs of suspicious activity.
It is now also providing 24 months of free 24 months Experian IdentityWorks credit monitoring and identity restoration services.
source: BleepingComputer
Free security scan for your website
Top News:
Attackers are exploiting 2 zero-days in Palo Alto Networks firewalls (CVE-2024-0012, CVE-2024-9474)
November 18, 2024CWE top 25 most dangerous software weaknesses
November 21, 2024Chinese APT Gelsemium Targets Linux Systems with New WolfsBane Backdoor
November 21, 2024Microsoft rolls out Recall to Windows Insiders with Copilot+ PCs
November 23, 2024Download: CIS Critical Security Controls v8.1
August 8, 2024Hackers now use AppDomain Injection to drop CobaltStrike beacons
August 24, 2024