Subscribe to Newsletters

Curated Content | Thought Leadership | Technology News

Data of Nearly Half the Columbus, Ohio Population Exposed in Security Breach

Heads or tails?
Ryan Uliss
Contributing Writer
Columbus Ohio with Scioto river Aerial view of Downtown with faint hacker code visible in the background.

The City of Columbus, Ohio, recently disclosed a significant data breach that compromised the personal information of around 500,000 residents, nearly half of its population. The cyberattack, launched in July by the Rhysida ransomware group, infiltrated the city’s networks, capturing residents’ sensitive data, including Social Security numbers, banking information, identification documents, and personal addresses.

Although city officials initially stated that they had successfully mitigated the attack, Rhysida later claimed responsibility and alleged that they had extracted 6.5 terabytes of data, some of which they have since released on dark web platforms.

Following the breach, the City attempted to reassure the public, with Mayor Andrew Ginther suggesting that the compromised data might be “corrupted” or “unusable.” However, cybersecurity researcher David Leroy Ross disputed this, showing evidence that unencrypted data was accessible and posted online. In response, Columbus filed a lawsuit against Ross, alleging he was unlawfully sharing the stolen data.

The legal actions underscore the city’s struggle to both contain the spread of leaked information and manage the fallout of the attack, which has already affected hundreds of thousands of Ohio residents.

Why It Matters: The Columbus data breach highlights the growing vulnerabilities in municipal cybersecurity and the immense risks residents face as their personal data is exposed. For a major U.S. city, an attack of this scale signals how even sophisticated responses can be insufficient against ransomware gangs that continue to refine their tactics. Additionally, the disclosure that this data breach was far more extensive than initially suggested—especially given the highly sensitive nature of the information stolen—raises urgent questions about the preparedness of local governments to handle cybersecurity threats.

  • Data Breach Scope and Notification: Columbus disclosed that approximately 500,000 residents had their data compromised during a ransomware attack by the Rhysida gang, affecting nearly half of the city’s population. Information stolen included Social Security numbers, banking details, and government-issued identification, which was later leaked on the dark web.
  • Initial City Response and Contradictory Claims: City officials initially assured the public that the breach had been “thwarted” and data was unusable due to corruption. However, security researcher David Leroy Ross contested this, revealing unencrypted data samples. This discrepancy raised doubts about the city’s transparency and initial handling of the breach.
  • Legal Actions Against the Researcher: Columbus filed a lawsuit against Ross, alleging he was sharing the city’s stolen data. This legal action includes a temporary restraining order to prevent further access and dissemination, underscoring the tension between cybersecurity transparency and control over data breaches.
  • Rhysida’s Ransom Demands and Data Leak: Rhysida demanded a ransom of 30 Bitcoin (around $1.9 million at the time) to prevent data leakage. After the city declined payment, the ransomware group began leaking files, with 45% of the data—including employee credentials, city camera feeds, and personal documents—released on their leak portal.

Go Deeper -> Columbus says Ransomware Gang Stole Personal Data of 500,000 Ohio Residents – TechCrunch

City of Columbus: Data of 500,000 Stolen in July Ransomware Attack – Bleeping Computer

☀️ Subscribe to the Early Morning Byte! Begin your day informed, engaged, and ready to lead with the latest in technology news and thought leadership.

☀️ Your latest edition of the Early Morning Byte is here! Kickstart your day informed, engaged, and ready to lead with the latest in technology news and thought leadership.

ADVERTISEMENT

×
You have free article(s) left this month courtesy of CIO Partners.

Enter your username and password to access premium features.

Don’t have an account? Join the community.

Would You Like To Save Articles?

Enter your username and password to access premium features.

Don’t have an account? Join the community.

Thanks for subscribing!

We’re excited to have you on board. Stay tuned for the latest technology news delivered straight to your inbox.

Save My Spot For TNCR LIVE!

Thursday April 18th

9 AM Pacific / 11 PM Central / 12 PM Eastern

Register for Unlimited Access

Already a member?

Digital Monthly

$12.00/ month

Billed Monthly

Digital Annual

$10.00/ month

Billed Annually

Would You Like To Save Books?

Enter your username and password to access premium features.

Don’t have an account? Join the community.

Log In To Access Premium Features

Sign Up For A Free Account

Please enable JavaScript in your browser to complete this form.
Name
Newsletters