In a concerning revelation, cybersecurity expert Connor Goodwolf has disclosed the contents of data stolen from the city of Columbus, revealing sensitive information about domestic violence victims and personal details of police officers and crime victims. The leak impacts not only city employees but also exposes personal information of residents and visitors spanning over two decades. The breach has raised serious concerns about privacy and security.

The leaked data includes names of domestic violence victims and Social Security numbers for police officers and crime victims alike. The information extends beyond city employees and encompasses residents and visitors who have visited Columbus City Hall in the past two decades. This extensive breach highlights the vulnerability of personal information and underscores the importance of robust cybersecurity measures.

Goodwolf, who previously analyzed Rhysida's auctions and subsequent leak on the dark web, provided a first-hand view into the downloaded contents on Tuesday afternoon. He emphasized that the sample he viewed represented only a fraction of the total 3.1 terabytes of stolen data. Despite this limited view, he managed to uncover server records from City Attorney Zach Klein's office and the ID scanning system used to access Columbus City Hall.

The ID scanning system's database contains driver's license numbers, home addresses, and full names of individuals who may have visited the building for various purposes such as city council meetings. NBC4's own employees were found in this database, confirming the accuracy of their captured personal information. Goodwolf expressed concern over the potential misuse of such sensitive information, stating, "You can do extreme damage to one's career, to one's bank accounts, sign up for Cash App, maybe terminate their utilities when you have information like this."

Furthermore, Goodwolf confirmed the existence of databases belonging to Klein's office and the Columbus Division of Police. The leaked information includes Social Security numbers and identities of domestic crime victims, suspects, and subpoenaed officers. This revelation aligns with allegations made in a class-action lawsuit against the city by Columbus police, which also highlights an undercover officer's cover being blown due to the leak.

Goodwolf initiated his investigation upon discovering his own information had been compromised in the leak. He has not yet thoroughly examined all the information but confirmed that some of what Rhysida offered on the dark web included city employee payroll databases. The files are encrypted; however, Goodwolf noted the presence of untested encryption keys within the leaked information.

Despite assurances from Mayor Andrew Ginther that the stolen data lacked value and could not be used due to encryption or corruption, cybersecurity expert Shawn Waldman advises residents to take immediate action to protect their personal information. He recommends contacting all three credit bureaus to freeze credit and enabling transaction notifications on credit cards and bank accounts for added security.

The hack, attributed to Rhysida and first detected on July 18, initially aimed to auction off 6.5 terabytes of stolen data for 30 bitcoin, equivalent to nearly $2 million. However, when no bidders emerged, the group released 3.1 terabytes of data on the dark web. The incident underscores the urgent need for robust cybersecurity measures to safeguard sensitive personal information and prevent such breaches in the future.