Columbus, Ohio Data Breach Investigation | Ransomware Attack
The Lyon Firm is investigating a ransomware attack on Columbus, Ohio, which may have impacted millions of residents and municipal workers.
The city of Columbus, Ohio, announced that it was forced to take its systems offline due to a July 18, 2024, ransomware attack, now claimed by the Rhysida ransomware group.
Contact our data breach lawyers to learn more about data privacy violations, ransomware attacks, and how you can protect personal information following a data security incident. Joe Lyon is an Ohio data breach lawyer, currently involved in numerous data privacy lawsuits, and representing plaintiffs nationwide.
Understanding the Columbus, Ohio, Data Breach
According to a notice released by the city of Columbus, a cyberattack perpetrated by “an established, sophisticated threat actor” forced the city to contact federal authorities and seek assistance from cybersecurity experts.
The incident occurred when a city employee received a phishing email and downloaded a file from a malicious website. The city is determining what personal data was included in the incident.
The city of Columbus is continuing its investigation into the July cybersecurity incident and is offering free credit monitoring for some city employees. Columbus is still in the process of identifying all individuals whose personal information was potentially exposed and will provide notice at some point.
Who is Responsible for the Attack?
According to sources, Rhysida, an overseas ransomware-as-a-service gang, has claimed responsibility. The city says it stopped the ransomware attack, but it is still investigating how much data the hackers accessed.
The purpose of the attack, the city said in an earlier notice, was to disrupt the city's IT infrastructure and potentially deploy ransomware. Columbus Mayor Andrew Ginther pointed out that the attack was carried out by professionals and that resources were deployed to mitigate the impact.
Some cybernews sites were able to examine the sample of stolen files, which allegedly contained program files, including access to databases, passwords, cloud data management files, system backup files, employee data, personal messages, and payroll information.
Rhysida is known for targeting a wide range of entities, including those in the education, healthcare, manufacturing, information technology, and government sectors. They have operated as a ransomware-as-a-service (RaaS) group, selling hacking tools to other groups for a cut of the profits.
In 2023, the group claimed responsibility for an attack on the California-based healthcare conglomerate Prospect Medical Holdings (PMH), impacting services for dozens of hospitals and healthcare facilities. The group claims to have stolen over 6.5 terabytes of data from Columbus, Ohio, servers, including employee credentials.