The City of Columbus suffered a severe cyber incident executed by the Rhysida ransomware group, resulting in the theft and public sale of over **6 terabytes of sensitive city data**. The attack forced the shutdown of multiple critical systems, with recovery efforts spanning **months** to restore full functionality. Five plaintiffs—including undercover police officers, firefighters, and a resident—reported **financial fraud** (unauthorized purchases, fraudulent bank accounts) and **extortion attempts** (ransom demands, threats of data exposure). The breach exposed highly sensitive employee and resident data, leading to identity theft risks and operational disruptions. While a lawsuit was filed alleging negligence in data security, it was dismissed due to **political subdivision immunity** under Ohio law, leaving victims without legal recourse despite documented harm. The attack underscored systemic vulnerabilities in the city’s IT infrastructure and the broader challenges of holding government entities accountable for cybersecurity failures.
TPRM report: https://www.rankiteo.com/company/city-of-columbus
{
  "id": "cit2794927100225",
  "linkid": "city-of-columbus",
  "type": "Ransomware",
  "date": "10/2025",
  "severity": "100",
  "impact": "5",
  "explanation": "Attack threatening the organization’s existence"
}
{
    'affected_entities': [
        {
            'customers_affected': '6+ (5 city employees, 1 resident)',
            'industry': 'public administration',
            'location': 'Columbus, Ohio, USA',
            'name': 'City of Columbus',
            'type': 'government (municipal)',
        },
    ],
    'data_breach': {
        'data_exfiltration': 'yes (6+ terabytes posted for sale)',
        'personally_identifiable_information': 'yes (used for identity theft, fraudulent accounts)',
        'sensitivity_of_data': 'high (includes undercover police officer and firefighter data)',
        'type_of_data_compromised': [
            'personally identifiable information (PII)',
            'employee records',
            'resident data',
            'potentially financial data',
        ],
    },
    'description': "The city of Columbus was targeted by the Rhysida ransomware group, which exfiltrated over 6 terabytes of city data and posted it for sale. The attack disrupted multiple city systems, causing prolonged downtime. Five city employees (including an undercover police officer and a firefighter) and one resident filed a lawsuit alleging identity theft, unauthorized financial transactions, and extortion threats. The lawsuit was dismissed on September 26 due to the city's political subdivision immunity under Ohio law.",
    'impact': {
        'brand_reputation_impact': 'moderate (lawsuit, public disclosure of breach)',
        'data_compromised': '6+ terabytes',
        'downtime': 'months (for some systems)',
        'identity_theft_risk': 'high (unauthorized purchases, fraudulent accounts, extortion threats)',
        'legal_liabilities': 'lawsuit dismissed (political subdivision immunity)',
        'operational_impact': 'severe (system shutdowns, prolonged recovery)',
        'payment_information_risk': 'high (fraudulent bank accounts opened)',
        'systems_affected': 'multiple (city systems)',
    },
    'initial_access_broker': {
        'data_sold_on_dark_web': 'yes (6+ terabytes posted for sale)',
        'high_value_targets': ['city employee data', 'resident data'],
    },
    'investigation_status': 'closed (lawsuit dismissed; no further details on technical investigation)',
    'motivation': ['financial gain', 'data theft', 'extortion'],
    'post_incident_analysis': {
        'root_causes': [
            'alleged failure to follow industry standards',
            'federal data security guidelines',
        ],
    },
    'ransomware': {
        'data_exfiltration': 'yes (6+ terabytes)',
        'ransomware_strain': 'Rhysida',
    },
    'references': [
        {'source': 'Court ruling by Judge Carl Aveni (Franklin County)'},
        {'source': 'Lawsuit documents (John Doe plaintiffs vs. City of Columbus)'},
    ],
    'regulatory_compliance': {
        'fines_imposed': 'none (lawsuit dismissed)',
        'legal_actions': 'lawsuit filed (dismissed on September 26, 2023)',
        'regulations_violated': [
            'alleged failure to follow industry standards',
            'federal data security guidelines',
        ],
    },
    'response': {
        'recovery_measures': 'prolonged (months to restore some systems)',
    },
    'threat_actor': 'Rhysida',
    'title': 'Rhysida Ransomware Attack on the City of Columbus',
    'type': ['ransomware', 'data breach', 'identity theft', 'extortion'],
}