July 2024 ransomware attack on the City of Columbus impacted 500,000 people

The July 2024 ransomware attack that hit the City of Columbus, Ohio, exposed the personal and financial data of 500,000 individuals.

On July 18, 2024, the City of Columbus, Ohio, suffered a cyber attack that impacted the City’s services.

On July 29, 2024, the City published an update on the City’s website and confirmed that the City of Columbus suffered a ransomware attack. The city added that the attack was successfully thwarted, and no systems were encrypted.

“The City of Columbus’ continuing investigation of a July 18 cybersecurity incident has found that a foreign cyber threat actor attempted to disrupt the city’s IT infrastructure, in a possible effort to deploy ransomware and solicit a ransom payment from the city. Fortunately, the city’s Department of Technology quickly identified the threat and took action to significantly limit potential exposure, which included severing internet connectivity.” reads the update published by the City. “While the threat actor’s activity was disrupted, an investigation is ongoing to determine the amount of city data potentially accessed. “

While the City was investigating the incident with the help of law enforcement, the Rhysida ransomware gang claimed responsibility for the attack. The gang claimed they had stolen databases containing 6.5 TB of sensitive data, including employee credentials, a full dump of servers with emergency services applications of the city, access from city video cameras, and other sensitive information.

Rhysida demanded 30 Bitcoin (about $1.9 million) for stolen data. Two weeks later, the City’s mayor stated the data was likely “corrupted” and “unusable.”

“The accuracy of Ginther’s statement was thrown into doubt the following day after David Leroy Ross, a cybersecurity researcher also known as Connor Goodwolf, revealed that the personal information of hundreds of thousands of Columbus residents had been listed on the dark web.” reported Tech Crunch.

In September, Columbus sued Ross, accusing him of threatening to share stolen city data. A judge issued a temporary restraining order to block his access to it.

“Participating in the auction, you have the opportunity to buy more than 6.5TB of databases, internal logins and passwords of employees, a full dump of servers with emergency services applications of the city, access from city video cameras.” reads the announcement published by the Rhysida gang.

City of Columbus

At this time, the ransomware group has published 45% of stolen data on its dark web leak site, a total of 3,1 TB including 258 270 files.

Now the City of Columbus determined that the ransomware attack compromised the personal and financial information of 500,000 individuals.

“The information involved in the Incident may have included your personal information, such as your first and last name, date of birth, address, bank account information, driver’s license(s), Social Security number, and other identifying information concerning you and/or your interactions with the City.” reads the data breach notification letter shared with Maine’s Office of the Attorney General. “To date, the City is unaware of any actual or attempted misuse of your personal information for identity theft or fraud as a result of this Incident.”

The City offered 24 Month- Experian Credit Monitoring and Dark Web Monitoring to the impacted individuals.

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, City of Columbus)