Mayor of Columbus, Ohio, says ransomware attackers stole corrupted, unusable data
COLUMBUS, Ohio — Hackers recently stole data from Ohio’s largest city, but the loot they got was not usable and no personal information of city employees was made available online, the mayor said.
Columbus Mayor Andrew Ginther confirmed the data breach, noting Tuesday that the city never received a ransom demand. The city learned Friday that most of the data published on the dark web by the ransomware group Rhysida was corrupted or encrypted, he said.
The group initially claimed to have 6.5 terabytes of stolen data — including login credentials, emergency response files and access to city cameras — that they had auctioned off to no avail. But Ginther said the city’s forensic data showed the group had far less data than that, and that the screenshots they had posted on the dark web were “the most compelling asset” they had.
After the breach, city employees, including police and firefighters, said their personal information was compromised. However, Ginther said that while the employees’ personal information was not uploaded to the dark web, someone had temporary access to it during the attack.
The city’s payroll system was open long enough for files to be viewed, but there’s no evidence that files were downloaded or posted to the dark web, city officials said. There’s also no evidence that any of the public’s data was exposed.
The city is now focusing on improving digital security and technology training to prevent another breach, Ginther said.
“I think when it’s all said and done, we’ll have spent millions of dollars dealing with the attack,” Ginther said.
Other major cities in Ohio have also faced cyberattacks. Cleveland City Hall was closed to the public for several days in June after a ransomware attack forced the city to shut down most systems, and Akron was forced to close some city functions after a digital attack in 2019.