The City of Columbus, Ohio, is notifying 500,000 individuals that their personal information was stolen in a July 2024 ransomware attack.
The incident occurred on July 18 and resulted in the city taking systems offline as a containment measure, which impacted multiple services.
In late July, the city announced that the attack was stopped before file-encrypting ransomware could be deployed on its systems.
In early August, the city sued security researcher David Leroy Ross, also known as Connor Goodwolf, for telling the local media that the personal information of residents was stolen during the attack. The city’s officials previously said that only corrupted, unusable data had been exfiltrated.
Ross discovered that the Rhysida ransomware gang had leaked on its Tor-based website 3.1 terabytes of information supposedly exfiltrated from Columbus’ systems. The group claimed the theft of 6.5 terabytes of data and leaked the information after failing to extort the city and to auction the data.
In its notification letter to the impacted individuals, a copy of which was submitted to the Maine Attorney General’s Office, the city has confirmed that the perpetrators posted on the dark web an abundance of allegedly stolen data.
The potentially compromised information, Columbus says, includes names, addresses, dates of birth, bank account information, driver’s license information, Social Security numbers, and other identifying information.
Columbus notes that it is not aware of any misuse of the compromised personal information for identity theft or fraud, but is providing the potentially impacted individuals with 24 months of free credit monitoring services, which include identity restoration assistance.
Advertisement. Scroll to continue reading.
The City of Columbus told the Maine AGO that 500,000 people might have been affected. The capital of Ohio and the most populous city in the state, Columbus is home to over 900,000 people.
Related: Four REvil Ransomware Group Members Sentenced to Prison in Russia
Related: Avast Releases Free Decryptor for Mallox Ransomware
Related: Fujifilm Restores Services Following Ransomware Attack