City of Columbus sues man after he discloses severity of ransomware attack

The city of Columbus has filed a lawsuit against security researcher David Leroy Ross, who disclosed the extent of a ransomware attack that compromised sensitive data. The attack, attributed to the Rhysida group, occurred on July 18, resulting in the theft of 6.5 terabytes of data. Columbus Mayor Andrew Ginther initially claimed that the stolen data was unusable due to encryption or corruption. However, Ross provided evidence contradicting this assertion, showing that the data was intact and included sensitive information about city employees and residents. The city’s lawsuit alleges that Ross's actions constituted criminal acts, invasion of privacy, and negligence, claiming he interacted with the dark web to download and disseminate stolen data. A Franklin County judge granted a temporary restraining order against Ross, prohibiting him from accessing or sharing any city files posted online. Columbus City Attorney Zach Klein emphasized that the lawsuit is not about free speech but rather about protecting public safety and the integrity of ongoing investigations. The city argues that Ross's actions have endangered individuals' safety by revealing confidential information. Despite the restraining order, the sensitive data remains accessible on the dark web.

- Columbus sues researcher David Leroy Ross for disclosing sensitive data from a ransomware attack.

- The attack involved the theft of 6.5 terabytes of data by the Rhysida group.

- Mayor Ginther initially claimed the data was unusable, but Ross provided evidence to the contrary.

- A judge issued a temporary restraining order against Ross, limiting his access to the data.

- The city argues that Ross's actions threaten public safety and ongoing investigations.