Mayor Andrew J. Ginther, City of Columbus | City of Columbus website
Mayor Andrew J. Ginther, City of Columbus | City of Columbus website
Published on July 29, 2024
The City of Columbus’ ongoing investigation into a July 18 cybersecurity incident has revealed that a foreign cyber threat actor attempted to disrupt the city’s IT infrastructure, possibly aiming to deploy ransomware and solicit a ransom payment. The city's Department of Technology quickly identified the threat and took action to significantly limit potential exposure, including severing internet connectivity. While the threat actor’s activity was disrupted, an investigation is ongoing to determine the amount of city data potentially accessed.
Upon identifying the threat actor's activity, the city immediately engaged the FBI and Homeland Security to further protect its systems and data. The incident remains under investigation, which is in its earliest stages. The city is currently identifying individuals whose personal information may have been exposed and will provide notice and additional guidance to those affected in the coming weeks.
“The City of Columbus was the victim of a crime committed by an established, sophisticated threat actor operating overseas. I’m grateful for the swift and bold action of our Department of Technology, the FBI and Homeland Security to protect our IT systems, our residents and our employees,” said Mayor Andrew J. Ginther. “We continue to focus on restoring city services. We appreciate the grace our residents have offered us and the dedication of our employees working to keep our city running. We will support a thorough investigation and help educate other cities on how they can avoid falling victim to similar attacks.”
The Department of Technology, working with federal authorities and cybersecurity experts, has been engaged in a methodical process to ensure that its technology systems are hardened against further breaches before bringing them back online. The 9-1-1 and 3-1-1 systems have remained operational throughout efforts to protect and restore IT connectivity. External email is now operating on city devices inside city buildings.
Additional forensic investigation has uncovered that the threat actor gained access to the city’s system through an internet website download rather than an email link as originally believed.
City Hall
90 West Broad Street
Columbus, Ohio 43215
Phone: (614) 645-3111