Columbus says ransomware gang stole private information of 500,000 Ohio residents | TechCrunch

The Metropolis of Columbus, Ohio’s state capital, has confirmed that hackers stole the private information of 500,000 residents throughout a July ransomware assault. 

In a filing with Maine’s legal professional basic, Columbus confirmed {that a} “international cyber risk actor” compromised its community to entry data together with residents’ names, dates of beginning, addresses, identification paperwork, Social Safety numbers, and checking account particulars. 

Town, which is probably the most populous in Ohio with roughly 900,000 residents, says round half 1,000,000 people had been affected, although it has not confirmed the precise variety of victims. 

The regulatory submitting comes after Columbus was the goal of a ransomware assault on July 18 of this 12 months, which the town claimed to have “thwarted” by disconnecting its community from the web. 

Rhysida, the ransomware gang chargeable for final 12 months’s British Library cyberattack, claimed duty for the assault towards Columbus in August. On the time, the gang stated it had stolen 6.5 terabytes of knowledge from the town in Ohio together with “databases, inside logins and passwords of workers, a full dump of servers with emergency providers purposes of the town and … entry from metropolis video cameras,” in response to local news reports.

Rhysida requested for 30 bitcoin, round $1.9 million on the time of the cyberattack, as fee for the stolen information. 

Two weeks after the cyberattack, Columbus mayor Andrew Ginther informed the general public the stolen information was possible “corrupted” and “unusable.”

The accuracy of Ginther’s assertion was thrown into doubt the next day after David Leroy Ross, a cybersecurity researcher often known as Connor Goodwolf, revealed that the private data of a whole bunch of hundreds of Columbus residents had been listed on the darkish internet.

In September, Columbus sued Ross, alleging that was “threatening to share the Metropolis’s stolen information with third events who would in any other case haven’t any available means by which to acquire the Metropolis’s stolen information.” A choose filed a short lived restraining order towards Ross, stopping him from accessing the stolen information. 

In a list on its leak website, seen by TechCrunch on Monday, Rhysida claims to have uploaded 3.1 terabytes of “unsold” information stolen from Columbus, amounting to greater than 250,000 recordsdata.