SECURITYWEEK NETWORK:

ICS:

Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Data Breaches

City of Columbus Ransomware Attack Impacts 500,000 People

The City of Columbus says the personal information of 500,000 people was stolen in a ransomware attack.

The City of Columbus, Ohio, is notifying 500,000 individuals that their personal information was stolen in a July 2024 ransomware attack.

The incident occurred on July 18 and resulted in the city taking systems offline as a containment measure, which impacted multiple services.

In late July, the city announced that the attack was stopped before file-encrypting ransomware could be deployed on its systems.

In early August, the city sued security researcher David Leroy Ross, also known as Connor Goodwolf, for telling the local media that the personal information of residents was stolen during the attack. The city’s officials previously said that only corrupted, unusable data had been exfiltrated.

Ross discovered that the Rhysida ransomware gang had leaked on its Tor-based website 3.1 terabytes of information supposedly exfiltrated from Columbus’ systems. The group claimed the theft of 6.5 terabytes of data and leaked the information after failing to extort the city and to auction the data.

In its notification letter to the impacted individuals, a copy of which was submitted to the Maine Attorney General’s Office, the city has confirmed that the perpetrators posted on the dark web an abundance of allegedly stolen data.

Advertisement. Scroll to continue reading.

The potentially compromised information, Columbus says, includes names, addresses, dates of birth, bank account information, driver’s license information, Social Security numbers, and other identifying information.

Columbus notes that it is not aware of any misuse of the compromised personal information for identity theft or fraud, but is providing the potentially impacted individuals with 24 months of free credit monitoring services, which include identity restoration assistance.

The City of Columbus told the Maine AGO that 500,000 people might have been affected. The capital of Ohio and the most populous city in the state, Columbus is home to over 900,000 people.

Related: In Other News: FBI’s Ransomware Disruptions, Recall Delayed Again, CrowdStrike Responds to Bloomberg Article

Related: Four REvil Ransomware Group Members Sentenced to Prison in Russia

Related: Avast Releases Free Decryptor for Mallox Ransomware

Related: Fujifilm Restores Services Following Ransomware Attack

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

More from

Latest News

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Webinar: A Step-by-Step Approach to AI Governance
April 28, 2026

With "Shadow AI" usage becoming prevalent in organizations, learn how to balance the need for rapid experimentation with the rigorous controls required for enterprise-grade deployment.

Register

Virtual Event: Threat Detection and Incident Response Summit
May 20, 2026

Delve into big-picture strategies to reduce attack surfaces, improve patch management, conduct post-incident forensics, and tools and tricks needed in a modern organization.

Register

People on the Move

AutoNation has appointed Brian Fricke as Chief Information Security Officer.

Varun Kohli has joined GetReal Security as Chief Marketing Officer.

MongoDB has appointed Doug Bowers as Chief Information Security Officer.

More People On The Move

Expert Insights

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest cybersecurity news, threats, and expert insights. Unsubscribe at any time.