COLUMBUS, Ohio — The total cost to taxpayers in the wake of a cyberattack on the City of Columbus remains unclear.
Through a public records request, 10TV has learned that from the beginning of July to Sept. 14. the city has spent $28,183 on overtime for its Department of Technology.
While the overtime costs for the department during that timeframe last year were higher, $31,945, the number of hours was nearly half the total from this year. According to the city, there were 1,016 overtime hours during this year compared to 561 hours in 2023. A city spokesperson said the reason why the number of overtime hours was higher last year is because the employees working were getting paid more per hour.
It’s been over two months since the city announced the data breach. Private information from hundreds of thousands of residents was released on the dark web.
Mayor Andrew Ginther said the city hopes to have all of its systems restored by the end of October — but what exactly will that look like?
“So normally restoration means bringing the service that you're supporting back online. It might not be exactly the same system,” said C. Matthew Curtin, founder of InterHack Corp.
Curtin said the timeframe for restoration, can be all over the place. It can range from months to years.
“Some organizations simply never recover or some systems are not restored and that’s a choice,” said Curtin.
Bob Carver, CEO of Cybersecurity Boardroom, said the focus of restoring depends on the backups, and verifying if those backups are good.
“You want to make sure that all the threats are removed from the systems, not only the current computer systems. But, make sure there’s no threats in the backup systems,” Carver said.
Carver said after a hack, you have to identify how the hack started. The city of Columbus said the FBI and Homeland Security are investigating the hack.
“I mean, was it through email or was it through a website? And then what malware, why didn't the endpoint security pick up that malware?” said Carver.
Carver said his advice is to check everything to prevent future hacks.
“They try to restore too quickly and they just assume if they restore everything, everything's going to be fine. But if they didn't find the original malware, they could, they could be compromised again all over again,” Carver said.
The deadline to sign up for two years of free credit monitoring through the City of Columbus is Nov. 29.