Columbus says ransomware gang stole personal information of 500,000 Ohioans

The city of Columbus, the capital of Ohio, confirmed that hackers stole the personal information of 500,000 residents during a July ransomware attack.

In filing In an interview with Maine’s attorney general, Columbus confirmed that a “foreign threat actor” breached its network to access information including residents’ names, dates of birth, addresses, identification documents, social security numbers and checking account information .

Ohio’s most populous city, with about 900,000 people, said about half 1,000,000 people were affected, even though it didn’t confirm the precise number of victims.

The regulatory filing comes after Columbus was the goal of a ransomware attack on July 18 this 12 months by city officials he claimed “thwart” it by disconnecting your network from the Internet.

Rhysida, the ransomware gang accountable for last 12 months’s cyber attack on the British Library, claimed responsibility for the August attack on Columbus. At the time, the gang said it had stolen 6.5 terabytes of data from the Ohio city, including “databases, internal employee logins and passwords, a full server dump of city emergency services applications, and … access from city video cameras,” in response to local news reports.

Rhysida demanded 30 bitcoins, or roughly $1.9 million on the time of the cyberattack, as payment for the stolen data.

Two weeks after the cyberattack, Columbus Mayor Andrew Ginther told the general public that the stolen data was likely “corrupted” and “unusable.”

The accuracy of Ginther’s statement was called into query the day after David Leroy Ross, a cybersecurity researcher also often called Connor Goodwolf, revealed that the personal information of a whole lot of 1000’s of Columbus residents had been placed on the dark web.

In September, Columbus sued Ross, alleging that it “threatened to make stolen city data available to third parties who otherwise would not have readily available means to obtain stolen city data.” A judge issued a brief restraining order against Ross, stopping him from accessing the stolen data.

In a listing published Monday by TechCrunch on the leak site, Rhysida claims to have transferred 3.1 terabytes of “unsold” data stolen from Columbus, amounting to greater than 250,000 files.