COLUMBUS, Ohio — New updates have emerged regarding the ongoing cybersecurity incident that has affected the City of Columbus for the past two weeks.

An online post indicates an international ransomware organization called ‘Rhysida’ could potentially be responsible for the attack. The company allegedly listed stolen Columbus City government data on the dark web and is offering to sell it. 


What You Need To Know

  • A ransomware data breach could have potentially placed sensitive data on the dark web 

  • Over a dozen police officers were affected by the incident 

  • Rhysida is allegedly holding an auction for data the organization reportedly stole from the City of Columbus on the dark web 

“A victim is never a big deal until you’re the victim,” said Brian Steel, President, Fraternal Order of Police Capital City Lodge #9.  

Steel told Spectrum News 1 that nearly a dozen officers have contacted him saying their finances have been compromised in one way or another. He claims several officers have reported having money missing from their bank accounts, credit taken out in their name and other personal information leaked. Meanwhile, Steel has not confirmed that those incidents are connected to the Columbus’ data breach. He says the investigation is ongoing, and he’s working with investigators to find out what exactly happened. 

“We find out that our data is out there now and is possibly being sold on the dark web,” Steel said. “We started getting phone calls.”

Steel says the momentum picked up last night when at least a dozen officers contacted them, letting them know something was wrong. They claimed credit was taken out in their names, and money was taken out of their bank accounts. 

“This is clearly a major issue,” Steel said. “We’re supporting the city. Whatever they need, we’re here to assist them with this. We understand it’s an investigation. They brought in the Federal Bureau of Education, which is outstanding. It came from somewhere overseas, apparently. What I want to know as a labor leader is how did this happen? If this is just something, an attack and we can’t stop, let’s work together to fix it.” 

The data breach allegedly occurred from an international ransomware company called ‘Rhysida’ It posted an auction online which it was willing to sell more than six terabytes of data for nearly $2 million. Cybersecurity experts say ransomware organizations often steal data, encrypt it, and sell it back to the organization from which it came.

“They could then try to figure out who the individual employees of the organization are ,” said Grant Neeley, director of the Center for Cybersecurity & Data Intelligence at the University of Dayton. “Maybe go after them to do some identity theft or compromise them in some way by using a stolen password.” 

Meanwhile, Victor Wieczorek, the Vice President of Offensive Security Service at GuidePoint Security, says situations like this one are not uncommon. He suggests freezing bank accounts. 

“Certainly, we advocate for everyone to contact the credit bureaus and to freeze your credit whenever possible,” said Wieczorek. “That helps to stop additional fraudsters or scammers from opening up additional credit cards or bank accounts or additional debt that might fall under your name and then just like walking down a busy city street, it’s important to have your wits about you and to understand that if you see things like flash emails or text messages or phone calls, if it seems too good to be true, it probably is. 

The City of Columbus says it is still investigating the incident and has yet to comment on the latest developments.

Correction: The previous version of this story misspelled GuidePoint Security. This has been corrected. (Aug. 12, 2024)