The City of Columbus is now facing a class-action lawsuit, filed on Friday, over its handling of the recent Rhysida ransomware attack. The lawsuit, prepared by law firms Cooper Elliott and Meyer Wilson, invites all city employees, as well as the Franklin County Municipal Court judges and clerk's offices, to participate. However, what has brought the attention to the forefront are the claims made by two Columbus police officers, identified only as "John Does #1 and #2."

In response to the ransomware attack, Mayor Andrew Ginther downplayed the potential danger of the stolen data, noting that no buyers had surfaced for it, indicating a lack of value to those seeking to exploit it for harm or financial gain. However, attorneys representing the two police officers rebutted these claims. They cited that John Doe #1 had already received notifications from his bank and credit card provider, confirming that his social security number had been compromised and found on the dark web. Moreover, John Doe #2, an undercover officer, expressed concerns about his safety if his identity as a police officer were to be revealed, fearing not only the compromise of ongoing criminal investigations but also his own life being in "clear and present danger."

The lawsuit also accuses the city of Columbus of mishandling the ransomware attack and keeping employees "in the dark" since its detection on July 18. Despite the city's assertion that its IT staff identified a downloaded .zip file as the source and successfully prevented the encryption of city systems and employee lockouts, Mayor Ginther admitted the possibility that personal data may have been accessed by the attackers.

In late July, Rhysida, the group behind the ransomware attack, claimed responsibility and advertised 6.5 terabytes of the city's data on an onion site. Two failed auctions seeking 30 bitcoins (equivalent to just under $2 million) were conducted, leading Rhysida to release over three terabytes of city data on the dark web.

The lawsuit argues that the city's response to the cyberattack was inadequate and accuses it of failing to implement necessary measures to protect against such breaches prior to the attack. The attorneys seek a jury trial and have brought six causes of action against the City of Columbus.

As of now, the mayor's office has declined to comment on the pending litigation. It is worth noting that the lawsuit does not directly name Rhysida as the perpetrator of the ransomware attack, although Mayor Ginther has acknowledged the claims made by a "threat actor" who allegedly leaked the data online. However, the lawsuit includes a screenshot directly from Rhysida's onion site as evidence.

The class-action lawsuit highlights the challenges faced by the City of Columbus in the aftermath of the ransomware attack, emphasizing the need for stronger cybersecurity measures to safeguard sensitive information and protect the personal safety of its employees, notably those in law enforcement.