Meyer Wilson's team of data breach lawyers filed a class action lawsuit on August 8, 2024, on behalf of City of Columbus employees in a major cybersecurity incident, where the Rhysida ransomware group has already leaked over three terabytes of stolen data from the City of Columbus on the dark web.
This data dump includes personal files of Columbus employees, SQL database backups, and potentially sensitive information such as login credentials, Social Security numbers, and access to city video cameras.
The Columbus ransomware attack comes after two failed auctions by the hackers, where they attempted to sell the stolen data for a starting bid of 30 Bitcoin (approximately $1.7 million). The massive size of the leaked data, comprising 258,270 files, makes it challenging to determine the full extent of the breach and the potential damage.
Cybersecurity experts have expressed concerns over the gravity of the situation, as the leaked data may contain personally identifiable information of current and former city employees, as well as contractors.
The City of Columbus has acknowledged the public leak but has challenged the value and usability of the released data. Mayor Andrew Ginther stated that the failed auction is a strong indication that the data lacks value to those seeking to cause harm or profit from it.
The city is currently working with the FBI and the U.S. Department of Homeland Security to investigate the incident.
Our data breach lawyers filed a class action lawsuit on August 8, 2024, on behalf of City of Columbus employees whose personal information was compromised in a recent ransomware attack on the city's systems.
The lawsuit alleges that the City of Columbus failed to implement proper security measures to protect sensitive employee data, including social security numbers, passwords, and access credentials.
As a result, a ransomware group was able to gain unauthorized access to the city's servers and databases, exposing the personal information of police officers and other employees.
According to the complaint, the stolen data has been released on the dark web, putting the officers at risk of identity theft, financial fraud, and potential retaliation from criminals.
One of the plaintiffs, an undercover officer, fears that the exposure of their identity could jeopardize ongoing investigations and endanger their life. The lawsuit further claims that the City of Columbus failed to follow industry-standard data security practices and guidelines set forth by the Federal Trade Commission, leaving sensitive information vulnerable to cyber threats.
In addition to seeking damages and restitution for the affected officers, the class action aims to hold the city accountable for its alleged negligence in protecting the personal data of its employees.
While the Mayor's Office has disputed the value of the stolen data, Meyer Wilson argues that the release of such sensitive information damages employees and harms their financial well-being and peace of mind.
The Rhysida ransomware group attacked the City of Columbus's computer systems, stealing over 3 terabytes of data. After failing to sell this data in two auctions, they leaked it on the dark web.
The City of Columbus has acknowledged the leak but disputes the value and usability of the released data. They are working with the FBI and the U.S. Department of Homeland Security to investigate the incident.
Meyer Wilson's data breach attorneys filed a class action lawsuit on behalf of City of Columbus employees, alleging that the city failed to implement proper security measures to protect sensitive employee data.
The lawsuit was filed on August 8, 2024.
Affected employees are at risk of identity theft, financial fraud, and potential retaliation from criminals. There are also concerns about damage to financial well-being and peace of mind due to the nature of the data leaked.
The lawsuit aims to seek damages and restitution for affected officers and hold the city accountable for its alleged negligence in protecting employee data.
Since this case is a class action, it means that for now the case encompasses everyone who is a current or former City of Columbus employee. So, as it stands, you do not need to do anything in order to be a part of the case. If something changes or you need to do something, you will receive a notice from the Court.
In the meantime, please make sure to keep track of any sort of identity theft, fraud, or anything that seems like it could be related to this data breach, and save any receipts from any money you spend in connection with protecting yourself from fraud.
Class action cases take a while to litigate, so it could be some time before there are any updates.
We are working with technical experts to determine what information is available on the Dark Web. This is a time-consuming process and we are not done with it yet. So, we cannot say for certain at this time whose information is exposed. Given the volume of information that is out there, we believe it is reasonable and prudent for Columbus residents or those with substantial contact with the City of Columbus to take precautions to protect their personal and financial data.