The city of Columbus, Ohio, confirmed over the weekend that it notified 500,000 residents of a July 2024 data breach that compromised the following personal info:
- Names
- Social Security numbers
- Bank account info
- Dates of birth
- Addresses
- “Other identifying info concerning you and/or your interaction with the City”
Ransomware gang Rhysida claimed responsibility for the attack shortly after it occurred, saying it stole 6.5 TB of data from the city. It further claims to have stolen city employees’ login info and passwords, emergency services applications, and access to city video cameras. Rhysida demanded 30 Bitcoin in ransom, which was worth about $1.9 million at the time.
Columbus officials have not verified Rhysida’s claim. We don’t yet know whether officials paid a ransom. The investigation found that attackers gained access to the city’s systems “through an internet website download and not an email link.”
The city’s notice to victims states, “On July 18, 2024, the City discovered that it had experienced a cybersecurity incident in which a foreign cyber threat actor (the ‘TA’) attempted to disrupt the City’s IT infrastructure in a possible effort to deploy ransomware, and solicit a ransom payment from the City (the ‘Incident’). The City’s continuing investigation of the Incident determined that the TA gained unauthorized access to the City’s technology infrastructure, allowing the TA to access certain personal information.”
Columbus’ official website states, “the city has now confirmed that some data was accessed and posted on the dark web by cybercriminals.”
Mayor Andrew Ginther said the city spent $4 million to secure the breached systems and conduct an investigation.
Columbus is offering eligible victims 24 months of free credit monitoring via Experian. The deadline to enroll is January 31, 2025.
Who is Rhysida?
Experts say Rhysida has ties to the ransomware group Vice Society. It started claiming attacks in May 2023. Since then, Comparitech researchers have logged 60 confirmed ransomware attacks claimed by Rhysida, compromising more than 4 million records. Its average ransom is $1.15 million.
Many of Rhysida’s biggest attacks were on healthcare companies, including Prospect Medical Holdings (1.3 million records), Singing River Health System (895,000), and Ann & Robert H. Lurie Children’s Hospital in Chicago (792,000).
In the government sector, Rhysida claimed attacks on Hernando County, the New Mexico Law Offices of the Public Defender, the Sumter County Sheriff’s Office, and the Seattle-Tacoma International Airport.
Ransomware attacks on US government
Ransomware attacks on government agencies can disrupt day-to-day operations and render computer systems useless until a ransom is paid for a key to restore them. Most ransomware attacks also steal data before encrypting it, which gangs then use to extort more money from victims under the threat of selling or publishing victims’ personal info.
Ransomware attacks can cripple the computer systems and networks used for emergency services, tax payments, billing for city services, phone and email systems, court proceedings, permitting, welfare programs, and more.
We have tracked 72 confirmed ransomware attacks on US government agencies so far in 2024, affecting 844,631 records. By number of records affected, this attack on Columbus is the largest breach we’ve recorded since we began tracking in 2018.
About Columbus, OH
Columbus is the capital of Ohio and has a population of just over 900,000 people, making it the 14th most-populated city in the United States.