COLUMBUS, Ohio — The city of Columbus' attorney's office reached a preliminary agreement with an IT expert who claimed to have downloaded hacked information from the dark web that was stolen during the city's cybersecurity incident in July.

City Attorney Zach Klein said the agreement was reached Wednesday with David Ross, also known as Connor Goodwolf, in a preliminary injunction submitted to the court.

What You Need To Know

  • City Attorney Zach Klein said the agreement was reached Wednesday with David Ross, also known as Connor Goodwolf, in a preliminary injunction submitted to the court

  • Within the agreement, Ross will be able to dialogue with the city regarding the breach while protecting the exposed sensitive data from being shared

  • Through the agreement, Ross is not allowed to share city data obtained that identifies Personal Identifiable Information, including Social Security Numbers, driver's license numbers, bank account information, credit card numbers, medical information or other sensitive material

  • Ross cannot share data from Columbus' MATRIX prosecutor or crime databases

Within the agreement, Ross will be able to dialogue with the city regarding the breach while protecting the exposed sensitive data from being shared. Klein said in a news release the agreement does not affect Ross' ability to discuss the cyberbreach and the kinds of data exposed, including to media.

“The City and our counsel met with Mr. Ross several times over the past week. While the content of these conversations is confidential, I can say that these discussions were positive and led to an agreement submitted to the Court that prevents sensitive data from being disseminated, protects public safety and respects free speech," Klein said in a news release. “Like many, I remain concerned about anyone having access to this sensitive data, and as this investigation into the cyber intrusion continues, the City Attorney’s Office will continue to keep the best interest of residents, victims, police officers and our city at heart. That remains our top priority.”

Through the agreement, Ross is not allowed to share city data obtained that identifies Personal Identifiable Information, including Social Security Numbers, driver's license numbers, bank account information, credit card numbers, medical information or other sensitive material. Ross cannot share data from Columbus' MATRIX prosecutor or crime databases.

"A heartfelt thank you to everyone who has been extremely supportive. I've heard from concerned and caring individuals, ranging from the community at large to those in the cybersecurity, engineering and technology sectors," Ross said. "From the beginning, my goal has been to inform the public and ensure everyone’s safety. I firmly believe individuals impacted by a cybersecurity incident should be informed immediately, rather than waiting months, to know if their personal information has been leaked to the dark web."

Ross said the agreement is a good first step and that he looks forward to future discussions with the city. He said his ultimate goal is to have the case dismissed with prejudice.

Klein's office agreed to extend the response date to the lawsuit by 28 days to Oct. 30.

Related Stories