Columbus IT Director Retires Amid Fallout from 2022 Cyberattack
Sam Orth, the longtime Director of Technology for the City of Columbus, is retiring nearly two years after a devastating cyberattack exposed the personal data of hundreds of thousands of residents. Columbus City Council will recognize Orth’s service in a resolution co-sponsored by all nine members during its Monday evening meeting.
The attack, carried out by the cybercriminal group Rhysida in 2022, compromised terabytes of city data, which was later leaked on the dark web. Columbus was among several municipalities targeted that year, including Cleveland. Initially, city officials claimed the attack had been contained and that the stolen data was unusable until a whistleblower, IT expert Connor Goodwolf, revealed that sensitive information for at least 500,000 people had been exposed. Goodwolf also criticized Orth for slow response times and inaccurate reporting to Mayor Andrew Ginther, including a disputed claim that only criminals use the dark web.
In the aftermath, the city implemented a "zero trust network" requiring continuous identity verification for system users. However, internal accountability remained limited eight Department of Technology employees were terminated, retired, or resigned following the breach, though personnel records do not link their departures to the incident.
Orth, appointed by Ginther in 2016, oversaw Columbus’s IT infrastructure for a decade, including the rollout of body-worn cameras for police officers. His career also included roles at Apple, the Ohio Education Computer Network, and the Ohio Office of Information Technology. His last day is Friday, with Deputy Director Pam O’Grady stepping in as interim director. O’Grady, whose experience is primarily in government affairs, previously worked for former Columbus Mayor Michael Coleman and Ohio Governor Ted Strickland.
Meanwhile, WOSU’s public records request for communications between the mayor and senior officials during the attack remains unfulfilled over a year later. The city reported in February that the request yielded over 2,200 records still under review.
City of Columbus TPRM report: https://www.rankiteo.com/company/city-of-columbus
"id": "cit1782196062",
"linkid": "city-of-columbus",
"type": "Cyber Attack",
"date": "6/2026",
"severity": "100",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"
{'affected_entities': [{'customers_affected': '500,000',
'industry': 'Government',
'location': 'Columbus, Ohio, USA',
'name': 'City of Columbus',
'type': 'Municipality'}],
'data_breach': {'data_exfiltration': 'Yes',
'number_of_records_exposed': '500,000',
'personally_identifiable_information': 'Yes',
'sensitivity_of_data': 'High',
'type_of_data_compromised': 'Personal data'},
'date_detected': '2022',
'date_publicly_disclosed': '2022',
'description': 'A devastating cyberattack carried out by the cybercriminal '
'group Rhysida in 2022 exposed the personal data of hundreds '
'of thousands of residents of Columbus, Ohio. The attack '
'compromised terabytes of city data, which was later leaked on '
'the dark web. The incident led to the retirement of the '
"city's Director of Technology, Sam Orth, amid criticism of "
'slow response times and inaccurate reporting.',
'impact': {'brand_reputation_impact': 'Yes',
'data_compromised': 'Terabytes of city data',
'identity_theft_risk': 'Yes'},
'initial_access_broker': {'data_sold_on_dark_web': 'Yes'},
'investigation_status': 'Ongoing',
'motivation': 'Cybercrime',
'post_incident_analysis': {'corrective_actions': 'Eight Department of '
'Technology employees were '
'terminated, retired, or '
'resigned; implementation of '
"a 'zero trust network'"},
'ransomware': {'data_exfiltration': 'Yes'},
'references': [{'source': 'WOSU Public Media'}],
'response': {'remediation_measures': "Implementation of a 'zero trust "
"network' requiring continuous identity "
'verification for system users'},
'threat_actor': 'Rhysida',
'title': 'Columbus Cyberattack by Rhysida',
'type': 'Data Breach'}