Columbus Faces Scrutiny for Handling of Ransomware Attack and Lawsuit Against IT Consultant

In July, Columbus, Ohio, experienced a ransomware attack, which initially appeared to be a typical breach. However, the city’s unusual response sparked concern among cybersecurity experts and legal professionals. IT consultant David Leroy Ross, also known as Connor Goodwolf, uncovered a significant breach exposing sensitive data from various city databases, including arrest records, domestic violence cases, and personal information. 

This attack, carried out by the Rhysida Group, affected the city, police, and prosecutor’s office, with some databases going back to 1999.

Goodwolf, whose expertise involves monitoring dark web activities, discovered that over three terabytes of data had been stolen. Among the exposed data were personal identifiable information, protected health information, and social security numbers. Goodwolf expressed particular concern over the exposure of sensitive information involving minors and domestic violence victims, emphasizing that they were now victimized a second time. 

Despite the serious implications, the city’s response appeared to downplay the breach. At a press conference in mid-August, Columbus Mayor Andrew Ginther claimed that the stolen data was encrypted or corrupted, making it largely unusable. Goodwolf, however, contradicted this statement, revealing that the data he found was intact and usable. When he attempted to notify city officials, he was met with resistance and a lack of cooperation.

As a result, Goodwolf turned to the media, which led the city of Columbus to fil

[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.