COLUMBUS, Ohio — Plenty of questions remain a day after a judge granted a temporary restraining order against an IT expert who says he's gained access to data hacked from the City of Columbus. 


What You Need To Know

  • The City of Columbus has filed a temporary restraining order against an IT expert who claims to have gained access to data hacked from the city

  • The order is against David Ross, who goes by the alias Connor Goodwolf

  • Some say the order prompts ethical questions

The order is against David Ross, who goes by the alias Connor Goodwolf. The city is worried about what might happen if data he has access to gets released. It says the restraining order will help protect the city's residents, but Goodwolf says that was his intention all along. 

Goodwolf says he's gained access to decades worth of the data that was hacked from the City of Columbus, including personal information, police reports and even pictures of sensitive documents. Goodwolf says his intention with downloading the information is to create a site letting people know if their information was released to the dark web, but some say that prompts ethical questions.

“Finding the information, I don't think crossed any line," said Cassandra Robertson, professor of law at Case Western Reserve University. "Publicizing the information goes a little bit further, and that's where I think you're going to see some arguments on both sides." 

Robertson says people need to know if their information was hacked, but at what cost? 

“Ethically, I think people certainly should be considering the privacy interests of those individuals whose information was hacked,” she said.

As far as the city's actions go, Robertson thinks the temporary restraining order could do some good. 

"That's probably not a bad approach to handling this case,” she said, “and it'll give the parties that chance to make the argument about what information should be further protected and what information really should be made available in the public interest." 

But Goodwolf likely isn’t the only one who can access the data.

Cybersecurity expert Daniel Maldet said he could review it as well but is taking a different approach.

"I took a position of never downloading anything,” Maldet said, “because I didn't personally want that information on my computer. But I'm not saying that's crossing the line. Crossing the line is if you do illegal activity. I will consider illegal activity as far as like providing that information to someone else or using it for illegal purposes.”

While the full extent of the damage is still unclear, Maldet says it’s all a reminder to everyone to take the necessary precautions.

"This will continue to go on with cities and businesses,” he said. “The best thing that people and other businesses can do is to remain diligent, be aware that this can happen and take advantage of what the city's offering, which is free credit monitoring, freeze credit reports and just change passwords and use multi-factor authentication."

Goodwolf says he plans to hire an attorney and will consider filing a lawsuit against the city once the temporary restraining order is resolved.

As a reminder, anyone who’s given their information to the city can still sign up for free credit monitoring.