On July 18, the city of Columbus experienced a data breach that, among other things, exposed the private information of everyone who visited City Hall. And yet, city officials failed to inform anyone that their security might be at risk when the breach occurred.
Coincidentally, the CrowdStrike outage occurred on July 19, making the city’s technical issues and email outage appear to be a CrowdStrike-related problem. But when other systems came back online and the city’s email was still down on July 22, the data breach was discovered by residents.
On July 22, I received an email from a colleague who works for the city, informing me and several others that the city’s email addresses had been unable to send or receive messages since the previous Thursday. Around 1 p.m., I posted on X (formerly Twitter) about the email outage.
Seven hours later, at 8 p.m., Mayor Andrew Ginther posted a statement to X saying, “The City of Columbus is working diligently to restore its systems following a cybersecurity incident. The City’s Technology Office detected an anomaly while monitoring its systems on Thursday, July 18, unrelated to the global IT outage. The Office took swift action to significantly mitigate the potential risk, including disconnecting internet connectivity. This proactive measure has resulted in outages of some IT services for residents, which may take time to restore. However, the City’s 9-1-1 and 3-1-1 systems, as well as employee payroll, are still operational. The City has engaged law enforcement and cybersecurity experts to eradicate the threat, comply with applicable law, and mitigate further risk. If individuals are impacted, they will be notified.”
Over time, we learned that some payroll systems and 311 phones were manual-entry based, and that law enforcement systems were also affected, including officers’ ability to use LEADS (Law Enforcement Automated Data System).
Local media reported the story extensively and even interviewed Ginther several times. However, instead of admitting facts that had been independently verified, such as the publication of the personal information of the news stations’ employees, Ginther continued to lie and claim that the stolen data was “corrupted or likely unusable,” which was not the case. He also said that attempts by cybercriminals to encrypt city data were “thwarted,” thereby downplaying the severity and extent of the breach. This led to some news channels deny his statements and shortens his interview excerpts.
From my own experience, I know for sure that my private data has been released, because I have been to City Hall several times in the last few years and had my driver’s license scanned each time. Despite this, I have not received any official notification from the city. I have randomly found news articles published online with instructions for Residents learn how to sign up for a credit monitoring service offered by the city.
This brings us to the real questions: Why did Columbus not inform the affected individuals that their information was compromised? And why does Ginther continue to lie about the extent of the data released by hackers?
The answer is a bit of a vicious circle for citizens. While many of us are victims of the data theft, we are also the ones who ultimately have to pay any settlements or judgments with our tax dollars. This means that the more truthful Ginther is in his statements, the more influence the law firm representing the citizens has. in a legal dispute and the more taxpayer money the city will ultimately have to pay to settle the lawsuit. It’s bad all around!
As is usually the case with large class action lawsuits, each victim will likely end up receiving only a check of minimal value, while the representing law firm will pocket about a third of the total compensation amount.
Attorneys at Cooper Elliott and Meyer Wilson have already filed a class action lawsuit against the city over the data breach. These firms have offices on Nationwide Boulevard and Neil Avenue. Cooper Elliott has recently been in the news for representing clients such as the family of Donovan Lewis And one of the victims of the Fire Ball ride Breakdown at the Ohio State Fair.
The lawsuit began as a claim against the city on behalf of police officers whose leaked financial information may have been used to damage their credit and whose undercover status may have been exposed. With the addition of everyone whose information was leaked, the lawsuit has now evolved into one that could affect any adult in the city.
We know that 77 percent of police officers in Columbus don’t live in the cityso forcing Columbus taxpayers to give them even more money is nothing new. But with the potential addition of every resident whose data was leaked, we’re essentially fighting ourselves. Personally, I’d rather spend the money on finally buying some sidewalks for my neighborhood.
We can blame Ginther for all this nonsense. Had he been honest and disclosed information as soon as the data was released, we could all have done at least something to protect ourselves. Had he been, the amount of compensation would probably have been much lower. But he didn’t. He decided to remain silent until July 22nd and not make a statement until the news broke on its own. And then he lied nonstop, even before the lawsuit was filed.
Columbus residents may be upset about this tremendous failure, but Ginther’s voters are ultimately the reason we are in this situation. It seems to me that Corruption was approved every time voters went to the polls and saw the screen next to Ginther’s name. But when things like this data theft and subsequent cover-up happen, people complain as if they were deceived.
In a way, Columbus voters asked for this. They reelected a man whose wife worked for OhioHealth at the same time. The city donated land and fully funded the new OhioHealth Route 315 exit ramp.A man Who was involved by asking the red light camera company Redflex for a $20,000 “success bonus” before he was even elected mayor. A man who last Allegation of unauthorized contact with the judge who heard the city’s attempt to close a West Side bus station. He didn’t hide who he was. The voters simply lied to themselves.
I have never voted for Ginther. I know I won’t have another chance to vote against him, as we are likely counting down the months until City Council President Shannon Hardin is chosen as the next mayor. But I have to live with the choices of my neighbors, the majority of whom seem to believe that a “D” next to a name on a ballot means the person automatically deserves the office.
Ultimately, we get what we vote for.
