The City of Columbus, Ohio, has revealed a significant data breach affecting approximately 500,000 residents due to a ransomware attack attributed to the Rhysida group. Initially downplayed by city officials, the breach, which occurred in mid-July 2024, has been confirmed to involve the exfiltration of personal data that was subsequently posted on the dark web.
Following the July 18 attack, which forced the city to take critical systems offline and disrupted municipal services, it was claimed that 6.5 TB of data had been stolen. After failed ransom negotiations, the Rhysida group published 3.1 TB of this data online. The compromised information includes sensitive files such as databases, password logs, employee payroll records, and even footage from city traffic cameras.
The situation escalated when security researcher David Leroy Ross, also known as Connor Goodwolf, disclosed the true extent of the breach to local media. This contradicted the city’s earlier claims that only corrupted data had been stolen, leading to a lawsuit against Ross by Columbus officials.
In response to the breach, Columbus has committed to enhancing its cybersecurity protocols and is offering two years of free credit monitoring and identity protection services to affected residents. With 55% of its population potentially impacted, city officials are facing increased scrutiny to improve data protection and ensure transparent communication about the incident.