In July, a ransomware attack on Columbus, Ohio, compromised the personal information of an estimated 500,000 residents, marking one of the largest cyber incidents to affect a city in the United States in recent years.
The attack, linked to the Rhysida ransomware group, has drawn great interest because of the extent of the data stolen and the controversy surrounding the city's response.
The City of Columbus, the state capital of Ohio, has confirmed that hackers stole data from 500,000 residents during a ransomware attack in July, locking them out.
The City of Columbus confirmed in a filing with the state attorney general that a "foreign cyber threat actor" had infiltrated the city's network to access information about residents, including their names, dates of birth, addresses, ID documents, Social Security numbers, and bank accounts.
With a population of 900,000, Columbus is the most populous municipality in Ohio. Around half a million people were affected by the incident, but the exact number of victims has yet to be determined.
In a regulatory filing, the city revealed that it had "thwarted" a ransomware attack on July 18 of this year by disconnecting its network from the internet.
This attack has been claimed by the Rhysida ransomware group, which specializes in crypto-ransomware attacks.
Cybercriminals believed to be connected to Russian threat actors sought a ransom from Columbus in the initial stages of the attack, claiming to have stolen 6.5 TB of data.
Rhysida allegedly published 3.1 TB of this data on its dark web leak site after negotiations with the city failed. This exposure amounts to a significant public-sector data breach within the last two years.
According to Rhysida, the ransomware gang, the attack occurred the same day. They claim they have stolen databases containing 6.5 TB of data, including information about staff credentials, video feeds from the city camera system, and server dumps, along with other sensitive data.
Because the gang failed to extort the City, stolen data is now being published on its dark web leak portal, and the amount published there has not increased. The portal holds some 45% of the stolen data, comprising 260,000 documents (3.1 TB).
Columbus Mayor Andrew Ginther said in a statement to the Columbus media that there was no need to be concerned about the leak because the data was "encrypted or corrupted."
In response, David Leroy Ross (aka Connor Goodwolf) of the Security Research Group, a British security research company, refuted the Mayor's claim by sharing samples of the leaked data with press outlets, which showed that it contained unencrypted personal information belonging to city employees, residents, and visitors.
As of early August, Columbus had filed a lawsuit against security researcher David Leroy Ross, escalating the situation to an extreme.
Ross, who goes by the username "Connor Goodwolf", told the local media that residents' personal information had been uploaded to the dark web. This disclosure contradicted Columbus officials' earlier claim that only unusable, corrupted data had been stolen.
In the aftermath of Ross's revelations, the first cyber analysts to investigate the stolen data discovered a significant volume of sensitive files, among them databases, password logs, cloud management files, employee payroll records, and even footage from city traffic cameras.
In response to this attack, the city said it has committed to improving its cybersecurity protocols in the future to prevent similar attacks from happening again.
Columbus, a city of approximately 915,000 people, reported to the Maine Attorney General's Office that the breach may affect approximately 55% of its citizens. Those affected will receive two years of free credit monitoring and identity protection services as a gesture of goodwill from the city. The city has come under increasing public pressure to ensure that data is protected and to communicate transparently about the extent of the breach.
The City's lawsuit alleges that Goodwolf spread stolen data illegally and negligently.
The suit requested monetary damages along with a temporary restraining order and a permanent injunction, and the researcher was ordered to stop further dissemination of the leaked data to prevent future disclosures. It was decided in December 2011 that a temporary restraining order would be issued in Franklin County prohibiting Goodwolf from downloading and disseminating the data stolen from the City.
The City had previously claimed that the leaked data was useless. However, as shown in breach notification letter samples filed with the Maine Attorney General's Office, it informed 500,000 people in early October that some of their financial and personal information had been stolen and published on the dark web.
According to the breach notification letters, the incident involved the City's information system, and the data involved may have included recipients' personal information: first and last name, date of birth, address, bank account information, driver's license number, Social Security number, and other identifying information.
Although the City has yet to find evidence of the misuse of its data, it warns those affected by this breach to keep a close eye on their credit reports and financial accounts to ensure no suspicious activity is taking place.
It is now also offering 24 months of free credit and identity monitoring, provided by Experian IdentityWorks, as well as identity restoration services provided by Experian.