Home  >  Article  >  Columbus, Ohio, Confirms 500K People Impacted by July 18 Ransomware Attack Claimed by Rhysida Gang

Columbus, Ohio, Confirms 500K People Impacted by July 18 Ransomware Attack Claimed by Rhysida Gang

Susan Sarandon
Susan SarandonOriginal
2024-11-05 13:28:28831browse

The City of Columbus, Ohio, confirmed Nov. 1 that 500,000 people were affected by a July 18 ransomware attack that was claimed by the Rhysida gang.

Columbus, Ohio, Confirms 500K People Impacted by July 18 Ransomware Attack Claimed by Rhysida Gang

The City of Columbus, Ohio, has confirmed that 500,000 people were affected by a July 18 ransomware attack that was claimed by the Rhysida gang, according to a Nov. 1 filing with the Maine attorney general's office.

The city said the personal information that may have been stolen includes first and last names, dates of birth, addresses, bank account information, driver's licenses, and Social Security numbers.

The city was quick to add that it was not aware of any actual or attempted misuse of the personal information for identity theft or fraud as a result of the incident.

The filing is an interesting twist in the widely reported case. In August, the city sued security researcher David Leroy Ross Jr. — who also goes by Connor Goodwolf — originally claiming that Ross risked “irreparable harm” to the city and its residents via the exposure of sensitive stolen data.

The city, which ultimately dropped the lawsuit against Ross last week, had alleged that Ross downloaded city data from the dark web after it was leaked by the Rhysida ransomware gang and threatened to share the city’s stolen data with third parties.

“The city dropping the lawsuit was the right thing to do,” said John Gunn, chief executive officer of Token. “It was viewed by most in the cybersecurity community as vindictive and without merit. They attacked a Good Samaritan who was serving the public by exposing misrepresentations so that people could protect themselves. What could have compounded the issue further is the fact that judges who hear these types of cases are often technophobes with limited ability to judge the merits of a case like this.”

Stephen Kowski, Field CTO at SlashNext Email Security, had a different take on the Columbus, Ohio, case. Kowski said the city's lawsuit wasn't primarily about the city denying the breach; rather it was about preventing premature disclosure of sensitive details while investigations were ongoing.

Based on public statements, Kowski said Ross had expressed clear intentions to share additional information that could have exposed the personal details of individuals more transparently and easily — including details of minors — before subsequent investigations and protection measures could be completed, especially regarding the assertions the researcher was making legitimately.

“The situation highlights the delicate balance between transparency and responsible disclosure,” said Kowski. “While immediate acknowledgment of breaches is crucial, organizations also have an obligation to protect sensitive data, especially concerning minors, during active investigations. The [judge’s] injunction served its intended purpose by allowing for a complete investigation without risking additional exposure of sensitive information. The key takeaway isn't simply about ‘coming clean,’ but about managing incident response in a way that protects all stakeholders.”

The above is the detailed content of Columbus, Ohio, Confirms 500K People Impacted by July 18 Ransomware Attack Claimed by Rhysida Gang. For more information, please follow other related articles on the PHP Chinese website!

Statement:
The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn