COLUMBUS, Ohio — Those affected by the citywide cyberattack are now being offered free credit monitoring from the city of Columbus. At the same time, a class-action lawsuit, initially brought forward by two unnamed Columbus Division of Police officers, expanded to include anyone who has been impacted by the breach.
“It's pretty clear that people's information is available now out on the dark web in a form that is accessible to bad actors,” said Michael Boyle, one of the plaintiff attorneys on the class-action lawsuit filed against the city.
Boyle explained that they are in the early stages of the legal process and hope to meet with city attorneys in the next week or so to get an idea of how many have been impacted.
“The way class actions work is you file the case and you have a definition of who is included in it,” Boyle said.
“This is not the largest data breach that is out there, this is pretty close to maybe the most severe in terms of the information, the nature of the information that has been released,” he said.
10TV asked Columbus City Attorney Zach Klein if signing up for free credit monitoring would mean giving up the right to sue the city for damages.
Klein responded by saying: “No, the City of Columbus is not attempting to disqualify anyone from seeking to join the lawsuit by providing this free credit monitoring service. Rather, the purpose is to offer immediate security, protection, and peace of mind."
“Offering credit monitoring is a part, not all, but part of the relief that people get in these data breach cases,” Boyle explained.
Columbus Mayor Andrew Ginther's office said that on July 18, the city's technology department found evidence of an abnormality in its system. Once the threat was identified, the department severed the internet connection to reduce the threat to the city's systems.
Investigators initially believed that the cybersecurity incident happened from an email link, but later discovered that the threat actor gained access to the city’s system through a website download.
“Ultimately, I'm the mayor, the buck stops with me and I take responsibility for the information I've shared with the public. My job is to acknowledge when that information was inaccurate. It was the best information we had at the time. Clearly, we discovered that was inaccurate information and I have to accept responsibility for that,” Ginther said at a press conference on Saturday.