COLUMBUS, Ohio — As the repercussions of the city's cyberattack continue to unfold, Columbus Mayor Andrew Ginther said he was not available for an interview Thursday to discuss it. 10TV tracked him down to Findlay to ask if he's being honest about the extent of the data breach.
10TV's Lacey Crisp asked Ginther if he lied earlier this week about the extent of his knowledge of the information that had been leaked, and he gave a resounding, "No."
"I shared the best information I had at the time based on reports and confirmation from cybersecurity experts. Obviously, what we have learned since then is continuing on our investigation and what is possibly out there, who has access to it," he said.
Ginther said on Tuesday morning that the data taken during the cybersecurity attack was either encrypted or corrupted making the files "totally unusable." Hours later, 10TV interviewed a cybersecurity expert who was able to download servers from the city on the dark web.
In response, Ginther released a statement Wednesday saying that the information he released Tuesday morning was "shared in good faith" and was "based upon rigorous investigation and reliable sources." He said he shared the update to offer transparency into the cyberattack and the events that followed.
10TV asked him why it took one cybersecurity expert just a few days to locate private sensitive data on the dark web when the city has had teams of people working on the breach since mid-July and claimed that the mayor was unaware of what was leaked.
"Those are some of the things we are talking about and trying to figure out, what additional resources that we need to bring to bear," Ginther said.
Experts have found that crime victims' information has also been leaked to the dark web from the city attorney's office. Ginther said the city is not prepared at this time to offer credit monitoring to citizens or crime victims whose personal information was a part of the leak.
Ginther also added that in addition to Rhysida, the group who claimed responsibility for the attack, there may be additional players at work.
"We don’t believe this was all a result of the initial cyberattack. There are a number of other cybercriminals that are targeting central Ohio, whether they are city employees, residents, trying to gather personal information from folks," he said.
As more information about the attack is revealed, Ginther said he will continue to "be relentless and be honest."
"I get daily briefings from, in partnership with, folks from homeland security, FBI and cybersecurity experts. We are continuing to learn more every day. Certainly, I’m going to continue to share with the public concerns, warnings, other additional resources and services to help protect them," Ginther said.