x
Breaking News
More () »

City of Columbus reaches agreement with cybersecurity expert who revealed details of attack

A judge must sign off on the resolution before it goes into effect.
A temporary restraining order was granted against Goodwolf on Aug. 29 after he spoke with several media outlets in the weeks following the city's cyberattack.

COLUMBUS, Ohio — The City of Columbus announced it has reached an agreement with the cybersecurity expert who revealed details of the cyberattack on the city over the summer.

City Attorney Zach Klein said his office and Connor Goodwolf agreed to permanently extend a preliminary injunction signed in September that protects sensitive data exposed in the cyberattack from being disseminated. Goodwolf, which is not his legal name and one he uses in interviews, will still be allowed to have a dialogue with the city about the breach. The city also agreed to drop its civil lawsuit against Goodwolf.

The city says Goodwolf is still allowed to discuss what kind of data was exposed, but he isn't allowed to share anything that has personal identifiable information such as social security numbers, driver's license numbers, bank account information and other sensitive information. He's also not banned from disseminating any data from the city's crime databases.

Goodwolf sent the following statement to 10TV's Tara Jabour:

"After speaking with others, the city has a long road ahead of rebuilding the trust with the cybersecurity community, as damage was done by bringing the civil suit against a good faith security researcher. The door will always be open to those interested in coming together and being an integral part of the cybersecurity community as we all stand strong when together."

A temporary restraining order was granted against Goodwolf on Aug. 29 after he spoke with several media outlets in the weeks following the city's cyberattack to explain what information was leaked on the dark web.

The city says it first learned something was wrong on July 18 when the city's department of technology "found evidence of an abnormality in its system." The city then severed its connection to the internet.

Two weeks later, the hacker group Rhysida claimed responsibility for the attack, saying it had 6.5 terabytes of data. The group later released 45% of the data it took from the city.

On Aug. 13, Mayor Andrew Ginther said the data stolen by hackers was either corrupted or encrypted, meaning it was likely useless. Later that day, Goodwolf told 10TV that wasn't true and he showed what kind of personal information he was able to access.

“During this crisis, our priority has been to keep the best interest of residents, victims, police officers, and all those impacted at heart. While I remain concerned about anyone having access to this sensitive data, conversations with Mr. [Goodwolf] have been positive, and all parties have agreed to move forward with an agreement that continues to prevent the dissemination of information, such as confidential law enforcement records while protecting free speech," Klein wrote in a release.

A judge must sign off on the resolution before it goes into effect.

Earlier this week, Ginther said all critical systems have been restored. The city's technology department told city council on Monday that 74% of all systems have been fully restored.

Before You Leave, Check This Out