Columbus says ransomware gang stole personal data of 500,000 Ohio residents

Date:

Share post:


The City of Columbus, Ohio’s state capital, has confirmed that hackers stole the personal data of 500,000 residents during a July ransomware attack. 

In a filing with Maine’s attorney general, Columbus confirmed that a “foreign cyber threat actor” compromised its network to access information including residents’ names, dates of birth, addresses, identification documents, Social Security numbers, and bank account details. 

The city, which is the most populous in Ohio with approximately 900,000 residents, says around half a million individuals were affected, though it has not confirmed the exact number of victims. 

The regulatory filing comes after Columbus was the target of a ransomware attack on July 18 of this year, which the city claimed to have “thwarted” by disconnecting its network from the internet. 

Rhysida, the ransomware gang responsible for last year’s British Library cyberattack, claimed responsibility for the attack against Columbus in August. At the time, the gang said it had stolen 6.5 terabytes of data from the city in Ohio including “databases, internal logins and passwords of employees, a full dump of servers with emergency services applications of the city and … access from city video cameras,” according to local news reports.

Rhysida asked for 30 bitcoin, around $1.9 million at the time of the cyberattack, as payment for the stolen data. 

Two weeks after the cyberattack, Columbus mayor Andrew Ginther told the public the stolen data was likely “corrupted” and “unusable.”

The accuracy of Ginther’s statement was thrown into doubt the following day after David Leroy Ross, a cybersecurity researcher also known as Connor Goodwolf, revealed that the personal information of hundreds of thousands of Columbus residents had been listed on the dark web.

In September, Columbus sued Ross, alleging that was “threatening to share the City’s stolen data with third parties who would otherwise have no readily available means by which to obtain the City’s stolen data.” A judge filed a temporary restraining order against Ross, preventing him from accessing the stolen data. 

In a listing on its leak site, seen by TechCrunch on Monday, Rhysida claims to have uploaded 3.1 terabytes of “unsold” data stolen from Columbus, amounting to more than 250,000 files. 



Source link

Lisa Holden
Lisa Holden
Lisa Holden is a news writer for LinkDaddy News. She writes health, sport, tech, and more. Some of her favorite topics include the latest trends in fitness and wellness, the best ways to use technology to improve your life, and the latest developments in medical research.

Recent posts

Related articles

OpenAI’s GPT-5 reportedly falling short of expectations

OpenAI’s efforts to develop its next major model, GPT-5, are running behind schedule, with results that don’t...

OpenAI announces new o3 model — but you can’t use it yet

Welcome back to Week in Review. This week, we’re looking at OpenAI’s last — and biggest —...

Google pushes back against DOJ’s ‘interventionist’ remedies in antitrust case

Google has offered up its own proposal in a recent antitrust case that saw the US Department...

If climate tech is dead, what comes next?

Humans have an innate desire to name things, but to be honest, we’re not always that good...

Hollywood angels: Here are the celebrities who are also star VCs

Becoming a venture capitalist has become the latest status symbol in Hollywood.  Everyone these days, from Olivia Wilde...

Meet Skyseed, a VC fund and incubator backing the Bluesky and AT Protocol ecosystem

On November 15, Peter Wang posted a message requesting ideas for a new incubator and fund to...

Sam Altman disputes Marc Andreessen’s description of AI meetings with Biden administration

Famed investor Marc Andreessen recently talked about meetings with Biden administration staff who gave him the impression...

EV startup Canoo places remaining employees on a ‘mandatory unpaid break’

Struggling electric van startup Canoo has placed its remaining employees on what it’s calling a “mandatory unpaid...