Columbus Mayor Andrew Ginther addressed the public on the recent City of Columbus cyberattack that targeted the city’s IT infrastructure in July 2024, confirming that the data stolen by the overseas ransomware organization Rhysida was ultimately unusable.
The mayor assured that no personal information was leaked on the dark web, offering some relief to city employees and residents concerned about the security of their sensitive data.
Details of the City of Columbus Cyberattack
The July 2024 City of Columbus cyberattack was a strange incident, as Rhysida, a notorious overseas ransomware group, claimed responsibility for the data breach. The group asserted that they had stolen 6.5 terabytes of city data, including employee passwords and login information. However, Mayor Ginther stated that the data stolen by the attackers was either encrypted or corrupted, rendering it largely unusable.
“Sensitive files were either encrypted or failed to make them usable,” said Ginther. “The personal data that the threat actor published to the dark web was either encrypted or corrupted, and the majority of the data posted by the actor was unusable.”
This was the first time the mayor publicly confirmed that Rhysida was behind the City of Columbus cyberattack, which had sparked fears among city employees, including police and fire personnel, that their personal information had been compromised.
However, Ginther was quick to clarify that any thefts of personal information that occurred after the City of Columbus cyberattack were likely linked to other cybercriminals and not the direct result of the ransomware attack.
“That’s not related to this cyberattack; it’s other criminals and bad actors that are taking advantage of the cyber threat, based on what we know,” Ginther emphasized, distancing the incident from broader concerns about widespread data leaks.
No Ransom Demanded, City Takes Precautionary Measures
One of the notable aspects of this City of Columbus cyberattack was the absence of a ransom demand. Typically, ransomware attacks involve hackers encrypting a victim’s data and demanding payment in exchange for the decryption key. In this case, however, no such demand was made, adding a layer of complexity to the situation.
Despite the hackers’ claims of accessing a large volume of city data, Ginther reiterated that no taxpayer or employee personal information was made available on the dark web. However, he acknowledged that employee records were accessible during the ransomware attack, which has led to concerns about potential long-term risks.
To address these concerns and protect its employees, the city initially offered free credit monitoring and identity theft protection services to all current city employees. In a recent update, this offer has been extended to all former employees as well, ensuring that everyone potentially affected by the breach has access to these vital protective measures.
Financial Impact and Cybersecurity Enhancements
The financial implications of the City of Columbus cyberattack are significant, with Mayor Ginther estimating that the city will have spent several million dollars dealing with the aftermath. These costs include not only the immediate response to the breach but also the ongoing efforts to prevent future attacks.
In response to the City of Columbus cyberattack, City is taking decisive action to bolster its cybersecurity defenses. The city’s Department of Technology, which played a crucial role in identifying and mitigating the threat, is now focused on implementing enhanced cybersecurity measures and increasing technology training for city employees. These steps are aimed at preventing a recurrence of such incidents and ensuring that the city’s IT infrastructure is better equipped to handle potential threats.
Incident Response and Collaboration with Federal Agencies
The July 2024 City of Columbus data breach initially raised concerns that it was caused by a city employee inadvertently clicking on a malicious link in an email. However, further forensic investigation revealed that the threat actor gained access to the city’s system through a website download.
Upon detecting the breach, the city’s Department of Technology quickly severed internet connectivity to limit the potential exposure and prevent the encryption of additional data. The city also engaged federal agencies, including the FBI and Homeland Security, as well as cybersecurity experts, to eradicate the threat and ensure compliance with applicable laws.
“We appreciate the grace our residents have offered us amidst service delays and the dedication of our employees working to keep our city running,” said Ginther, acknowledging the challenges faced by both residents and city workers during this period.
Commitment to Data Security
The City of Columbus is committed to the safety and security of its employees and residents, particularly in the wake of this cyberattack. In addition to offering Experian credit monitoring services, which include credit monitoring by all three major bureaus, identity theft restoration services, and dark web monitoring for two years, the city is also enhancing its overall cybersecurity posture.
Moving forward, the focus will be on increasing cyber awareness and ensuring that all city employees are equipped with the knowledge and tools needed to prevent future breaches.