The City of Columbus in Ohio has filed a lawsuit against a researcher named David Leroy Ross, also known as Connor Goodwolf, claiming he collaborated with the ransomware attackers to obtain and disseminate stolen data. The city experienced a ransomware attack on July 18, which it initially disclosed publicly.
However, in early August, the Rhysida ransomware gang leaked 3.1TB of data on its Tor- based site, claiming it was stolen from Columbus’ systems. Mayor Andrew Ginther later acknowledged that the attackers had stolen encrypted and corrupted data.
The city initially offered free credit monitoring services to employees who shared personal information, but after Ross claimed the breach was bigger than what the city disclosed, the city expanded the offering to include anyone who shared personal information with the city.
Ross alleged that the stolen data included names, Social Security numbers, and other private data, much of which dealt with police officers and crime victims. The city claims that Ross’ actions represent an invasion of privacy and is seeking a restraining order to prevent him from accessing the stolen data on the Dark Web.
A temporary restraining order was granted by an Ohio judge, preventing Ross from disseminating data from Rhysida’s site but not barring him from discussing the incident or the stolen data with the media.
Source: https://www.darkreading.com/cyberattacks-data-breaches/city-of-columbus-sues-researcher-after-ransomware-attack