Columbus, OH Mayor Admits Extent of Cyberattack Damage
Columbus, OH Mayor Andrew Ginther on Saturday publicly admitted to the extent of the damage the cybersecurity attack that has been impacting the city since July. Only last Tuesday, Ginther had announced that data stolen in the incident was encrypted and useless to the cybercriminals. At the time, he said the files were corrupted or encrypted, making them "totally unusable." The mayor also declined to say who is giving him the technical evaluations that have repeatedly turned out to be false.
On Saturday, the mayor said the answer he received then was the "best information we had at the time" and excused himself saying, "Clearly, we discovered that it was inaccurate information and I have to accept responsibility for that. “Ginther is still trying to figure out why IT investigators underestimated the extent of the damage done.
The cybercriminal group Rhysida had demanded $1.66 million in Bitcoin to keep data from being published on the dark web. The city reportedly has not paid yet.
According to experts the breach includes Columbus’ prosecutors’ database that includes information of individuals involved with the justice system, including defendants, victims, and witnesses. The stolen data is said to contain the scanned photo ID information of every person who had attended a City Council meeting in the last decade to juvenile court orders of protection, to potentially bank accounts.
Two law firms have filed a class action lawsuit against the city earlier alleging that the city failed to protect sensitive data. When the lawsuit was initially filed, the plaintiffs included city employees affected by the data breach but now includes any resident who is affected. Read more about this story on our LinkedIn page
On Saturday, the mayor said the answer he received then was the "best information we had at the time" and excused himself saying, "Clearly, we discovered that it was inaccurate information and I have to accept responsibility for that. “Ginther is still trying to figure out why IT investigators underestimated the extent of the damage done.
The cybercriminal group Rhysida had demanded $1.66 million in Bitcoin to keep data from being published on the dark web. The city reportedly has not paid yet.
According to experts the breach includes Columbus’ prosecutors’ database that includes information of individuals involved with the justice system, including defendants, victims, and witnesses. The stolen data is said to contain the scanned photo ID information of every person who had attended a City Council meeting in the last decade to juvenile court orders of protection, to potentially bank accounts.
Two law firms have filed a class action lawsuit against the city earlier alleging that the city failed to protect sensitive data. When the lawsuit was initially filed, the plaintiffs included city employees affected by the data breach but now includes any resident who is affected. Read more about this story on our LinkedIn page