ru24.pro
News in English
Август
2024

Another lawsuit piles on Columbus over ransomware attack and leak

0

View a previous report on a lawsuit filed against the City of Columbus in the video player above.

COLUMBUS, Ohio (WCMH) -- The City of Columbus is facing yet another class-action lawsuit over its handling of a Rhysida ransomware attack that ended with hundreds of thousands of files -- including personal data -- leaked on the dark web.

On Tuesday, attorney Zach Schiff filed the lawsuit in Franklin County Common Pleas Court. While the 18-page complaint document wasn't available online, his firm Scott Schiff & Associates confirmed the case was connected to the Columbus ransomware attack. The group has eight plaintiffs kept anonymous with the names "John Doe," and a ninth marked "Jane Doe," on the case record, noting they were employees of the Columbus Division of Police and the Division of Fire.

In a news conference at 1 p.m., Scott Schiff was joined by a CFD union president Steve Stein and Brian Steel, the president of the local Fraternal Order of Police chapter that represents CPD. They clarified while the case records show nine plaintiffs, they intend to make this a class-action lawsuit representing 2,400 police and 1,700 union firefighters.

Stein said even ahead of the city's offer of free credit monitoring for employees, the Columbus Firefighters Union was already working on the same for its members.

"The union had gone and invested in separate identity theft protection and credit monitoring services," Stein said. "We've had hundreds and hundreds of members reach out for those protections."

Steel also detailed some of the damage that officers have seen since the leak.

"We've had everything from United Healthcare accounts that have been hacked open, Gmail accounts hacked open," Steel said. "We've had money taken out of accounts, it grows every day, so I don't have an exact number, but enough that we thought it was time to reach out for legal help."

A spokeswoman for the mayor's office said they could not comment on pending litigation. The City of Columbus had no attorney on file as of Tuesday, similar to its record for a previous lawsuit. City Attorney Zach Klein, whose case database was found within the dark web dump, confirmed Saturday that Columbus would bring in outside counsel to defend it. With damage to his office readily apparent from the leak, Klein could potentially qualify as a claimant against the city.

The new lawsuit is the second to come from attorneys representing members of Columbus' law enforcement agencies. The previous class-action filing from firms Cooper Elliot and Meyer Wilson accused the city of keeping police "in the dark" on the ransomware attack. They noted it resulted in one anonymous officer's private information being leaked, and another undercover cop's cover being blown. That first lawsuit extended its class-action membership to anyone who was affected after citizens' data was also found within the leak.

Scott Schiff also elaborated on the decision to file a second case, and confirmed it's possible the lawsuit could extend to the public.

"Everybody's got a right to counsel of their choice ... If there's multiple cases, the judge can decide who to consolidate the cases to, and pick a lead counsel to prosecute this matter," Schiff said. "We're open for business for any citizen that feels that their personal information has been leaked without their consent."

Columbus Mayor Andrew Ginther also said Friday that the city would extend an offer of free credit monitoring beyond employees. Columbus IT staff first detected a ransomware attack on July 18, and Ginther said they were able to stop hackers from encrypting city systems by cutting off access to the internet. However, he admitted personal data may have been taken during the incident.

The Rhysida ransomware group later claimed responsibility for the attack, and launched an auction on the dark web seeking 30 bitcoin -- or just under $2 million -- for access to 6.5 terabytes of stolen Columbus data. When they failed to secure bidders, the group decided to dump 3.1 terabytes publicly on the dark web.