City of Columbus says ransomware attack compromised the data of about 500,000 residents

The City of Columbus in the U.S. state of Ohio said that the data security incident it suffered earlier this year compromised the sensitive personal information of approximately 500,000 individuals.

 

Earlier this year, Columbus Mayor Andrew J. Ginther said in a social media post that the City became a victim of a cyber attack on July 18 and its IT team was working diligently to recover the affected systems. As a part of the recovery process, the team had to take several systems offline, but emergency services including 911, 311 and employee payroll systems remained operational.

 

In a public notice published on its website, the City said that its investigation has identified a “foreign cyber threat actor attempting to disrupt the city’s IT infrastructure, in a possible effort to deploy ransomware and solicit a ransom payment from the city.”

 

While the City claimed to have disrupted the ransomware attack, it said it is in the process of identifying the “amount of city data potentially accessed.”

 

In a filing with the Office of Maine Attorney General, the City said that the compromised data included names, dates of birth, addresses, bank account information, driver’s licenses, Social Security numbers, and more. Its filing with the state regulator also revealed that at least 500,000 individuals were impacted by the incident.

 

While the city found no evidence of the compromised information being misused, it advised all affected individuals to regularly monitor their credit reports, account and benefit statements and report any suspicious activity to law enforcement authorities, including the police and state attorney general.

 

It has also offered two years of complimentary identity protection and credit monitoring services through Experian to all affected individuals.

 

In August, the Rhysida ransomware group claimed responsibility for the ransomware attack and listed the City as a victim on its data leak site. The hacker group said it was in possession of 6.5 terabytes of data, including database, internal logins and password, a full dump of servers with emergency services applications of the city and access from city cameras.

 

The group demanded a ransom of 30BTC, or approximately £1.49 million, from the City and threatened to leak the stolen data if the ransom was not paid.