City of Columbus hit by data breach, data leaked on the dark web
Learn More
On Wednesday 24th of July, the City of Columbus experienced a data breach. City officials have confirmed that immediate safeguards were implemented by the City of Columbus IT department to limit access to information. The breach is currently under investigation by Mike Richardson, the City of Columbus Director of Security and Risk, in conjunction with the City of Columbus IT Department. As a result of the outage, payments and online services are currently unavailable, and city email is affected. Despite these issues, all previously scheduled meetings for the City of Columbus will proceed as planned.
It's unclear if any data was stolen or if individuals are impacted. The City claims that no credit card or banking information within the city was compromised during the breach. The nature of the attack is not disclosed.
Update - as of 30th of July 2024, mayor Andrew Ginther stated: "While the encryption attempt was prevented, it is possible some city data was accessed by the threat actor,". "Because we know they had some data before we shut the system down, the threat is not over. ... But as far as their access to the system, that has been shut down."
The city has not received a ransom demand related to the July 18 attack.
A forensic analysis has indicated the breach began through a file, possibly a zip file, downloaded from the internet.
As of 31st of July 2024, Rhysida ransomware group took reponsibility for the attack and are threatening to publish 6.5 terabytes of stolen data from the city’s systems. Rhysida claims to have stolen emergency services data, access to city cameras and more. The group is demanding 30 bitcoin, or around $1.9 million for the stolen data with a deadline to pay of one week.
Two Columbus Division of Police officers had their bank accounts hacked, with an unspecified amount of money stolen, amid a city-wide ransomware attack. While the mayor's office is aware of the situation, it remains unconfirmed if the hacks are connected to the broader cyberattack.
As of 8th of August 2024, Rhysida group has begun releasing stolen data from Columbus city servers, including user profiles and database backups, with 45% of the 3.1 TB of stolen data already exposed on the dark web; it's speculated that the remaining 55% may have been sold.
As of 13th of August 2024, Connor Goodwolf, a Columbus cybersecurity specialist, reports that the data breach in Columbus exposed not only city employees' personal data but also that of over 470,000 private citizens, including:
- names,
- addresses,
- birth dates,
- driver's license numbers,
- Social Security numbers.
As of 3rd of November 2024, the City of Columbus reported to the Maine Attorney General’s Office that a potential data breach may have impacted 500,000 individuals in the city.
City officials have emphasized that social media reports suggesting Bartholomew County and the Bartholomew Consolidated School Corporation (BCSC) are also under cyberattack are false. However, some services connected to the city's computer system, such as the county GIS system, have been impacted but are in the process of being restored.
The Columbus Police Department (CPD) confirmed that the IT department successfully stopped the breach attack on Wednesday night. The subsequent internet outage is attributed to a hardware issue that emerged the next day.
CPD’s dispatch operations and police calls are functioning normally. The only current disruption is a delay in completing police reports, which rely on internet connectivity. CPD officials aim to have internet service restored later today.
