The City of Columbus, Ohio, says it’s investigating whether personal data was stolen in a ransomware attack on July 18, 2024 that disrupted the City’s services.

The attack caused disruptions in public-facing services, seeding confusion about whether the IT outages were linked to CrowdStrike’s faulty Falcon configuration update.

Not many details were provided then, but Mayor Andrew J. Ginther stated on June 23 that the outage was part of the City’s response to a cybersecurity incident.

Email services and IT connectivity between public agencies were rendered unavailable, but the 911 and 311 lines and all public safety and emergency services continued to operate as usual.

Columbus is the capital and most populous city in Ohio, with a metropolitan area population of 2,140,000.

Foreign ransomware actors blamed

An update published on the City’s website yesterday confirms that the City of Columbus suffered a ransomware attack that was successfully thwarted, and no systems were encrypted.

The City’s authorities noted that its response to the incident was quick, engaging the FBI and Homeland Security department, which allowed the threat to be contained.

Mayor Ginther stated that the attackers were “an established, sophisticated threat actor operating overseas,” though no specific threat group names or other information were given.

However, the attack’s outcome hasn’t been fully appreciated yet, and the possibility of citizen data having been stolen isn’t ruled out at this point.

“The incident remains an ongoing situation and the investigation is in its earliest stages,” reads the announcement.

“The city is in the process of identifying individuals whose personal information was potentially exposed and will provide notice and additional guidance to all who are impacted in the coming weeks.”

Today, Columbus Navigator reports that hackers accessed the City’s internal network after an employee downloaded a ZIP file from a website.

Columbus citizens who are potentially impacted by this incident are advised to stay alert for phishing or scamming attempts that leverage stolen information.

The City’s authorities are expected to publish an update in the upcoming period to specify whether any data has been stolen. If so, the City will notify those who have been impacted.