City of Columbus hit by cyberattack, half a million people affected
The City of Columbus has become the victim of a ransomware attack. The threat actor was able to steal personally identifiable information of approximately 500,000 inhabitants.
The cybersecurity incident came to light on July 18, when an unknown threat actor tried to disrupt the city’s IT infrastructure by installing ransomware and demanding a ransom payment.
“The Incident was discovered expeditiously, cybersecurity experts were retained, and security measures were implemented to contain the incident,” the City of Columbus says in a data breach notification addressed to the Office of the Maine Attorney General.
But to no avail, the attacker was able to gain unauthorized access to the city’s IT network and copy personal information of 500,000 inhabitants, which is roughly half the people living in the City of Columbus. This included full names, dates of birth, postal addresses, bank account information, driver’s licenses, social security numbers, and other identifying information.
The City of Columbus says there are no cases of identity theft, financial fraud or other forms of misuse. People that are impacted by the data breach however should be alert for suspicious activities on their financial accounts and credit reports. Victims are entitled to 12 months of free credit monitoring and identity theft services.
To avoid recurrence, the City of Columbus’ IT Department has taken measures to identify the threat actor and block him and other unauthorized users from the city’s systems.
In addition, the city has hired cybersecurity experts to investigate and resolve the incident. Relevant law enforcement agencies have been informed about the incident and are doing all they can to bring those responsible to justice. Meanwhile, the city’s investigation is still ongoing.
Back in August, Cybernews reported that ransomware operation Rhysida was responsible for the July cyberattack. The hacking group claimed to have stolen more than 6TB of sensitive data and published a portion of it on their leak site.
According to the United States Cybersecurity and Infrastructure Security Agency (CISA), Rhysida has been active since May 2023 and has mainly targeted organizations in government, education, healthcare, and the IT sector.
The group uses login credentials obtained via the dark web to gain access to a victim’s IT network. This not only allows their presence to remain unnoticed for a long time, but also enables the attackers to move laterally through the corporate network.
Rhysida does not develop the ransomware it uses in its attacks itself, but rather lends it from another party. In exchange for a piece of the pie, the group is allowed to use ransomware to attack victims. This revenue model is also known as Ransomware-as-a-Service or RaaS.
Your email address will not be published. Required fields are marked