Skip to main content
Cybersecurity

City of Columbus reveals 500,000 people had information exposed during July attack

“One of the primary motivations [or paying ransom] was to prevent the stolen data from being further published and used against the victim,” one expert tells IT Brew.
article cover

Getty Images

less than 3 min read

Top insights for IT pros

From cybersecurity and big data to cloud computing, IT Brew covers the latest trends shaping business tech in our 4x weekly newsletter, virtual events with industry experts, and digital guides.

A July ransomware attack on Columbus, Ohio, exposed the data of half a million people, the city revealed in a data breach notification.

The filing, which was published by the Office of the Maine Attorney General, included a notification letter sent to affected residents. In that letter, the city of Columbus explained that a July 18 attack from a “foreign cyber threat actor”—Rhysida—resulted in the leak of personal information, including “first and last name, date of birth, address, bank account information, driver’s license(s), Social Security number, and other identifying information.”

Larger problem. KnowBe4 Data-Driven Defense Evangelist Roger Grimes, in comments emailed to IT Brew, noted that data exfiltration of the kind that affected Columbus has become routine in ransomware attacks, with an estimated more than 90% of attacks involving the leak of data.

“Less victims are paying the ransom, but of those that do, one of the primary motivations was to prevent the stolen data from being further published and used against the victim,” Grimes wrote.

Grimes added that just holding the possibility of leaking the data is frequently sufficient for ransomware gangs to get what they want.

“There have even been many ransomware gangs who no longer do the messy, buggy part of encrypting data, but instead rely entirely on the threat of exfiltrated data to make their victims pay,” Grimes added. “And it’s something a data backup cannot prevent or stop.”

Repair work. Columbus officials said that those affected will be offered credit monitoring services, paid for by the city. Department of Technology Director Sam Orth told the city council Nov. 4 that desktop access had been restored, a sign of the long term effect the July attack had.

“Our primary focus is now on restoring remote access, including email, which we are starting to roll out this week on our Workspace One platform,” Orth told the council. “Given the demand, we will be working with departments to prioritize their users. Full implementation is expected to take several weeks.”

Top insights for IT pros

From cybersecurity and big data to cloud computing, IT Brew covers the latest trends shaping business tech in our 4x weekly newsletter, virtual events with industry experts, and digital guides.