Columbus, Ohio, the capital and most populous city in the state, faced a significant ransomware attack on July 18, 2023, which compromised the personal information of over 500,000 residents.

The breach involved sensitive data, including names, birth dates, addresses, bank account details, Social Security numbers, and city employment records.

Details about the breach were disclosed in a filing with Maine's attorney general, although initial notifications to affected individuals did not specify the total number of victims or the nature of the stolen data.

Stephen Kowski, Field CTO at SlashNext Email Security, noted that a lawsuit filed by the city aimed to protect sensitive data during ongoing investigations rather than deny the breach.

This incident highlights the ongoing challenges organizations face in managing incident responses while safeguarding sensitive data from exposure.

The Rhysida ransomware group, linked to Russian cybercriminals, claimed responsibility for the attack, asserting they stole 6.5 TB of data and demanded a ransom of 30 Bitcoin, approximately $1.9 million.

Mayor Andrew Ginther faced backlash for initially downplaying the severity of the breach, later confirming that sensitive information had indeed been stolen.

Despite the city claiming there is no evidence of misuse of the stolen data, local media reported incidents of bank account breaches among city staff following the attack.

The city filed a lawsuit against cybersecurity researcher Connor Goodwolf, seeking damages and a restraining order to prevent further distribution of the leaked data, which has drawn criticism from the cybersecurity community.

In response to the breach, Columbus is offering 24 months of free credit monitoring and identity protection services to all residents as a precaution against potential fraud.

The Columbus ransomware attack stands as one of the largest data breaches involving a U.S. city, raising significant concerns about cybersecurity practices and the protection of personal information.

As the city works to enhance its cybersecurity infrastructure, residents are advised to take protective measures, including changing passwords and enabling two-factor authentication.