Half a million Ohio citizens have personal data stolen following ransomware attack

City of Columbus, Ohio, confirms suffering ransomware attackAround 500,000 citizens thought to have had private data stolenRhysida criminal group claims responsibility for attack

The City of Columbus has confirmed suffering a ransomware attack in which sensitive information on hundreds of thousands of residents was stolen.

In a breach notification letter sent to affected individuals, Ohio’s capital said it experienced a “cybersecurity incident” on July 18 2024 which apparently saw a “foreign threat actor” try to disrupt the city’s IT infrastructure, deploy ransomware, and later solicit a ransom payment.

While the city responded by containing the attack, isolating the threat actors, and bringing in third-party experts to assess the situation, the crooks managed to get away with sensitive information.

Half a million affected

“The information involved in the incident may have included your personal information, such as your first and last name, date of birth, address, bank account information, driver’s license(s), Social Security number, and other identifying information concerning you and/or your interactions with the City,” the City of Columbus said in the letter.

At the same time, the institution filed a report with the Office of the Maine Attorney General in which it stated that 500,000 of the city’s residents were affected, out of a total of roughly 910,000 citizens.

Despite the theft, the organization claims there is no evidence the data was misused on the dark web. However, there seems to be more to this story than that.

The threat actor behind the attack seems to be Rhysida, after the eastern European group claimed responsibility in August 2024, claiming it stole 6.5 TB from the city, including “databases, internal logins and passwords of employees, a full dump of servers with emergency services applications of the city and … access from city video cameras.”.

The gang asked for 30 bitcoin, which was roughly $1.9 million at the time of the attack. It is likely it did not receive the payment, since security researchers found an archive containing Ohio residents’ sensitive data, posted on the dark web.

Via TechCrunch

Data breached at LA Housing Authority after ransomware attackHere’s a list of the best firewalls todayThese are the best endpoint protection tools right now

Related posts

AI voice scams are on the rise – here’s how to stay safe, according to security experts

Why you’re wrong about AI art, according to the Ai-Da robot that just made a $1 million painting

Netflix’s Spellbound really tugged at my heartstrings, and its touching message will hit kids and parents alike

This website uses cookies to improve your experience. We'll assume you're ok with this, but you can opt-out if you wish. Read More