Columbus Engages Law Firm to Navigate Response to Cyber Attack

In light of a recent cyber attack that breached the city’s computer systems, Columbus has engaged with a law firm and a cybersecurity consultancy to conduct an investigation and strengthen future defenses.

Short Summary:

  • The Columbus Board of Public Works and Safety approved contracts with Pierson Ferdinand LLP and S-RM.
  • Investigation revealed that city email addresses and passwords were compromised; however, no financial data was stolen.
  • A class action lawsuit has broadened to include all affected residents, with law firms citing potential risks to personal safety and identity.

The city of Columbus has taken significant steps following a cyber breach that raised alarms about the security of its sensitive data. On July 24, officials detected unauthorized access to their computer systems, prompting immediate investigation measures. As a proactive response, the Columbus Board of Public Works and Safety convened to authorize agreements with Pierson Ferdinand LLP, a technology-focused law firm, and S-RM, a specialized cybersecurity consultancy. This decision comes as the city grapples with the implications of a security failure that potentially jeopardized thousands of residents’ personal information.

Mike Richardson, the city’s director of security and risk, addressed the board, stating,

“We reached out to our insurance company when this all occurred. They’ve been in contact with organizations that routinely assist communities and businesses in these situations.”

With Columbus securing a $1 million cybersecurity insurance policy—with a $25,000 deductible—the city sought representation through Pierson Ferdinand to manage their insurance claim during this crisis.

S-RM will be instrumental in conducting a forensic analysis to uncover the breach’s origins and extent. Their responsibilities include incident response services, aimed at not only containing the breach but also fortifying the city’s cyber defenses. Richardson elaborated on the firm’s role:

“What they’ll do is assist in seeing what was taken, so we actually know everything that was, we believe we know, but just to double check,”

signaling a thorough investigation to restore confidence in the city’s cybersecurity framework.

As the investigation unfolds, initial findings suggest that the breach involved the extraction of city email addresses and their corresponding passwords. Richardson reiterated that although the city did not endure a ransomware attack demanding payment for released information, the investigation is ongoing.

“While we believe that was all that was taken, we want to be absolutely certain,”

he confirmed to the board. Additionally, he reassured that payment information stored with third-parties remains unbreached.

In response to the severity of the incident, employees are now required to create new, more robust passwords and may soon adopt dual authentication methods as an added layer of security. When the breach occurred, the city’s IT team acted swiftly to limit further access, a move Richardson termed fortunate:

“We were very fortunate they shut the system down when they did,”

indicating the importance of rapid response in mitigating cyber threats.

The repercussions of this breach extend beyond the immediate technical response. A disturbingly relevant concern arose following revelations tied to a larger threat landscape; as reported, the recent cyberattack was linked to a ransomware group notorious for initiating breaches to exfiltrate sensitive data. The perpetrators behind the attack, identified as Rhysida, subsequently leaked vast datasets on the dark web, prompting widespread outrage among residents.

Just recently, law firms Cooper Elliott and Meyer Wilson amended an existing class action lawsuit against the city, expanding it to include all individuals potentially affected by these data leaks. Their original suit focused exclusively on city employees but was extended after cybersecurity analyst Connor Goodwolf uncovered a disturbing array of leaked personal information, including social security numbers and birthdates of nearly 500,000 residents. Goodwolf described what he found:

“There are cases of juveniles here, too.”

A mother of three whose data was among the compromised information expressed her distress:

“It’s uncomfortable because I have kids,”

emphasizing the personal stakes involved in these breaches, especially for victims of past crimes.

The law firms representing the aggrieved residents argue that the city displayed recklessness in safeguarding sensitive data, declaring,

“In today’s digital age, data equals dollars. But this breach is about more than money—it’s about people’s lives and identities being at risk,”

underscoring the profound implications for those involved.

In an effort to ameliorate the situation, the City of Columbus is offering complimentary credit monitoring services through Experian, covering up to two years of monitoring along with up to $1 million in identity theft protection for all impacted residents. This effort seeks to reassure the public as they navigate the fallout from the breach. Residents can sign up for these services via the city’s official website or through a dedicated helpline.

As the investigation into the breach and its fallout continues, Mayor Andrew Ginther expressed a commitment to transparency regarding the process. He acknowledged that initial assessments may have downplayed the extent of compromised information, stating,

“It was the best information we had at the time,”

particularly as information evolves quickly within the context of the ongoing investigation. His administration seeks to keep affected parties updated in real-time while adhering to the constraints of an active criminal investigation.

Overall, this incident highlights a substantial threat within the realm of cybersecurity affecting cities and municipalities, emphasizing the necessity for sophisticated preventive measures in today’s digital environment. Columbus stands as a reminder that no entity is immune to cyber threats and the importance of vigilance in safeguarding sensitive information. The forthcoming investigations, litigation, and responses will significantly shape the city’s cybersecurity policy going forward, as they seek to restore public trust in their administrative capabilities amidst rising concerns over cyber safety and integrity.

For residents, the situation serves as an unfortunate reminder of how vulnerable public information can be in a digitally interconnected world, where the misuse of data can trigger a cascade of repercussions affecting countless lives.

Similar Posts

Leave a Reply