COLUMBUS, Ohio — It’s been nearly a month and a half since a citywide cyberattack led to thousands of Columbus citizens' private information being leaked on the dark web by a hacker group.
People’s licenses, bank account information and sensitive information from the city attorney's office are available on the dark web.
Now 10TV is uncovering the latest information made downloadable, the Columbus police crime matrix. That database includes witness, victim and suspect information from any police report in the last 10 years.
“This is extremely disturbing,” said Connor Goodwolf, a cybersecurity expert.
Goodwolf showed 10TV the data that he found. It includes nine gigabytes of information from the crime database.
“These are where all the police reports go, all of the incident reports go. Regardless of what it is, every report. Every time an officer is deployed, they have to make a report. It’s anything from a traffic stop, going to a home or business, reports of child abuse, shots fired,” said Goodwolf.
Goodwolf said one of the most disturbing things is the undercover police reports.
“Officers who do undercover work regularly, now their names, the work they do is out there. We are talking about the old vice unit, which is now PACT. We are talking about units that handle gang crimes, guns,” Goodwolf added.
10TV brought the newly obtained information to Columbus Fraternal Order of Police Lodge #9 President Brian Steel.
He released a statement on the matter.
“The breach of sensitive information, especially involving undercover officers and sensitive cases like sexual assault and domestic violence, is indeed a serious concern. The potential consequences are personal and professional risks to those involved and a broader erosion of trust in the city's ability to protect its citizens and employees.
If negligence within the city government contributed to this breach, those responsible must be held accountable. The public expects transparency and action to ensure such a situation does not recur. The safety and well-being of the individuals affected must be a top priority, along with reinforcing security measures to prevent future incidents," Steel said.
On Wednesday evening, Mayor Andrew Ginther gave the following statement to 10TV:
“I am outraged that the city and our residents continue to be victimized by this cyberattack. As I have previously said, we can expect more personally identifiable information to be identified as having been posted on the dark web. The dark web is for criminals. The people who stole data from the City of Columbus are criminals, and anyone using or disclosing stolen confidential information is a criminal.
The FBI, City Attorney Zach Klein, our Department of Technology and cybersecurity experts continue to work around the clock on this active criminal investigation. I remind the public that it can be against the law to download or possess illegally obtained data.
We will continue to do everything in our power to support Columbus residents, crime victims and police officers and seek accountability for those exploiting their information," Ginther said.
10TV asked Goodwolf if he thought the cyberattack was preventable.
“Yes, the city of Columbus should have been following best security practices which includes encrypting all databases,” said Goodwolf.
10TV reached out to the Columbus Division of Police for a comment but did not receive a response.