Columbus is grappling with the fallout from a significant data breach, as the Rhysida ransomware group has begun leaking over three terabytes of stolen data on the dark web. The breach, which targeted the city's employees, comes after two failed auctions by the hackers to sell the data.
The leak, which started early Thursday morning, includes a substantial portion of the 6.5 terabytes of data that Rhysida claims to have stolen. Among the leaked files are personal data from city employees’ computers and SQL backup files containing entire databases.
Cybersecurity experts, including Ohio State Assistant Professor Carter Yagemann and CMIT Solutions' Daniel Maldet, have confirmed the data's release.
While the complete extent of the breach remains unclear, NBC4 has verified that the leaked data contains files related to current city employees, as well as at least one contractor and a former staff member who left in 2021.
The hackers initially demanded 30 bitcoin (approximately USD 1.7 million) as the starting bid for the auction, but this failed to attract buyers.
However, cybersecurity expert Shawn Waldman has warned that the situation is dire, especially as the city has only just begun rolling out credit monitoring for affected individuals.
"The fact that some of the personally identifiable information is already out and available means the damage could be irreversible," Waldman said.
He also suggested that the data not yet released may have been sold privately, although this cannot be confirmed.
Columbus Mayor Andrew Ginther acknowledged the breach in a statement, though he downplayed the severity of the leaked data, noting that the failure to sell the data could indicate it lacks value.
However, Waldman and other experts caution that the situation is far from resolved. "If the city doesn’t continue negotiations, we could see the entire data set leaked in the near future," Waldman said.
Rigwht now, the city is working with the FBI and the Department of Homeland Security to look into the data breach that was first noticed on July 18.
Even though the city's IT team stopped the hackers from locking down the city's systems, they still managed to steal a lot of important information. This has put Columbus officials and residents on high alert as the investigation continues.