COLUMBUS, Ohio — Columbus Mayor Andrew Ginther provided an update on the city’s ongoing battle with a cyberattack, saying the data stolen by hackers was either corrupted or encrypted, meaning it was likely useless.
According to a fact sheet published by the city Tuesday, the data posted to the dark web by ransomware group Rhysida contained corrupted and encrypted information from city backup files. The city is currently running a data mining operation to determine what information is out there, if any. So far, these efforts have not found any personally identifiable information.
“The threat actor claimed to have 6.5 terabytes of data, but our forensics indicate they have far less,” said Mayor Andrew Ginther. “We believe the screenshots of the data files are the most compelling asset that they had and the sensitive files were either encrypted or corrupted, making them totally unusable.”
The city is also denying that it ever received a ransom request or is currently being held for ransom.
The amount of data stolen is also changing. Rhysida claims to have stolen 6.5 terabytes of data, equivalent to about 25 iPhones capable of storing 256 gigabytes. Mayor Ginther said their forensic investigations have determined the amount of information to be far less.
Ginther did say that while personal information wasn’t published to the dark web, it was temporarily accessed during the attack. The city hasn’t found evidence to support that any of that data was downloaded or published.
10TV pressed the mayor on the safety of civilian information. He said there is no indication that any of that information is at risk. Last week, cyber experts told 10TV that citizen's information on third party vendors could also have been shared on the dark web.
Ginther indicated that other bad actors are now targeting city employees, seeing that there is a current issue.
“All of the data is unusable because it is encrypted or corrupted, so no employees have been put at risk based on this attack,” he said. “We have heard from some, that this is what happens when this cyberattack takes place, there are other criminals who realize a certain community is dealing with a cyber security issue and they target folks that are associated with that entity or organization.”
A class action lawsuit has been filed by law firms Cooper Elliott and Meyer Wilson. That lawsuit alleges that the city didn’t keep important city employee information tightly locked down. 10TV spoke with one of the attorney’s representing that case after hearing what the mayor had to say.
“We stand by the allegations of our complaint. Those allegations are not merely that the information is out there, but the information is accessible to bad actors. In fact, in the case of one of our class representatives, this individual has suffered identity theft and consequences for his financial information,” said Michael Boyle, an attorney with Meyer Wilson. “Ultimately the data is in the city’s hands, and they have the obligation to maintain and protect it. In that respect, ultimately there is a sense where it does fall on the city. We understand that ultimately it was bad actors who went in and got that information and we’re not trying to minimize that.”
Ginther added Tuesday that the city has expanded its offer of credit monitoring through Experian to past city employees along with current employees. He said current employees should have received enrollment information to their home addresses. The city has created a call center to provide direct support to current and past employees needed assistance signing up for the program.