COLUMBUS, Ohio — The city of Columbus is looking into reports that the private data of hundreds of thousands of citizens is available on the dark web following last month's cyberattack.
Columbus Mayor Andrew Ginther told 10TV Tuesday morning that the data was either encrypted or corrupted making the files "totally unusable." Hours later, 10TV interviewed a cybersecurity expert who was able to download servers from the city on the dark web.
The expert, Connor Goodwolf, said the data includes anyone who swiped their driver's license at City Hall in the last 10 years. It also includes anyone who has dealt with the Columbus City Attorney's Prosecuting Office in any way, including victims, suspects, or someone who was subpoenaed by the court or law enforcement.
10TV confirmed a few of its employees' personal information was on that database, and it was accurate. However, when 10TV checked other names, including people who have spoken at City Council, their names were not on the database.
Ginther released a statement Wednesday saying that the information he released Tuesday morning was "shared in good faith" and was "based upon rigorous investigation and reliable sources." He said he shared the update to offer transparency into the cyberattack and the events that followed.
Ginther continued his statement by saying that the city is aware of an individual who has come forward with information.
"We are pursuing this information with the foremost concern of protecting and serving Columbus residents. We are actively evaluating additional resources to support the public and the city. As we continue to investigate, we will act on and share verifiable information," Ginther said.
City Attorney Zach Klein said he aware that victims' data could be on the dark web. Klein said in part, "I take this very seriously because our mission is and always will be to serve and protect victims."
Goodwolf said there is more information on the dark web that he is working to download.
The city is providing credit checks for city employees who may be affected.
Ginther and Klein both declined an interview on Wednesday.
Anyone who believes their information could be involved in the data breach should get their credit checked. You can read more on how to protect yourself after a data breach here.