The Metropolis of Columbus, Ohio’s state capital, has confirmed that hackers stole the private information of 500,000 residents throughout a July ransomware assault.
In a filing with Maine’s lawyer basic, Columbus confirmed {that a} “overseas cyber menace actor” compromised its community to entry data together with residents’ names, dates of start, addresses, identification paperwork, Social Safety numbers, and checking account particulars.
The town, which is probably the most populous in Ohio with roughly 900,000 residents, says round half one million people have been affected, although it has not confirmed the precise variety of victims.
The regulatory submitting comes after Columbus was the goal of a ransomware assault on July 18 of this 12 months, which the town claimed to have “thwarted” by disconnecting its community from the web.
Rhysida, the ransomware gang accountable for final 12 months’s British Library cyberattack, claimed duty for the assault in opposition to Columbus in August. On the time, the gang stated it had stolen 6.5 terabytes of knowledge from the town in Ohio, together with “databases, inner logins and passwords of staff, a full dump of servers with emergency providers functions of the town and … entry from metropolis video cameras,” in keeping with local news reports.
Rhysida requested for 30 bitcoin, round $1.9 million on the time of the cyberattack, as cost for the stolen information.
Two weeks after the cyberattack, Columbus mayor Andrew Ginther advised the general public the stolen information was possible “corrupted” and “unusable.”
The accuracy of Ginther’s assertion was thrown into doubt the next day after David Leroy Ross, a cybersecurity researcher also called Connor Goodwolf, revealed that the private data of tons of of 1000’s of Columbus residents had been listed on the darkish net.
In September, Columbus sued Ross, alleging that he was “threatening to share the Metropolis’s stolen information with third events who would in any other case haven’t any available means by which to acquire the Metropolis’s stolen information.” A decide filed a brief restraining order in opposition to Ross, stopping him from accessing the stolen information.
In an inventory on its leak web site, seen by TechCrunch on Monday, Rhysida claims to have uploaded 3.1 terabytes of “unsold” information stolen from Columbus, amounting to greater than 250,000 information.