The city of Columbus believes that city "data has been accessed" by a "foreign cyberattack," an assistant police chief notified officers in a statement released Thursday morning.
The notification comes as up to a dozen police officers have made known concerns that personal bank and credit card information appear to have been compromised. It is still unknown if those reports — which began being made Wednesday afternoon — are connected to the city's massive cyberattack that has disrupted a host of city computer systems.
"As we are not yet fully aware of the specifics regarding the data that has been accessed at this time, I strongly suggest making changes to your passwords and codes on both your personal and professional devices," Columbus Division of Police First Assistant Chief LaShanna Potts informed officers in an email that was shared with The Dispatch.
Mayor Andrew J. Ginther's administration on Thursday continued to not disclose detailed information on the extent of the damage that occurred on July 18, when the city's computer technicians detected a cyberattack and reportedly took steps to try to disrupt it.
Glenn McEntyre, spokesman for the city Department of Public Safety, referred questions Thursday morning about the extent to which police officers' personal information may have been compromised to the mayor's office.
Ginther spokesperson Melanie Crabill responded: "We are aware of this matter" involving police officers financial accounts, and acknowledged "that this situation is both serious and ongoing," but the city "may not be at liberty to discuss the ongoing situation or investigation, in order to support an effective investigation and protect our IT infrastructure and confidential information.
"As such, we are unable to offer further comment today."
The Dispatch reported Thursday that despite Ginther's statement Monday that his administration had thwarted the ransomware's encryption attempts, Rhysida, an international ransomware group that has attacked targets in the U.K., U.S. and Chile, listed stolen Columbus city government data on its dark website Wednesday, offering it for sale. It wasn't immediately clear what information was for sale.
"Late Wednesday afternoon more and more officers had contacted us saying, hey, I think my data may have been compromised," said Brian Steel, who heads the Fraternal Order of Police Capital City Lodge #9, the union for city officers.
"We're just telling our members to take proactive steps, sign up for monitoring services, change your bank account numbers for your direct deposit, all of those things," Steel said. "The more and more that are calling it leads me to believe it's because of the data breach."
About a dozen officers have noticed issues thus far, Steel said, who noted the city administration did not provide any previous warning that personal information for employees might be compromised.
"Some guys are saying, hey, my credit cards got hacked. Some are saying there's been bank account (issues), I've been getting alerts saying someone is trying to open up a line of credit in my name. ... Another individual said money was taken out of my bank account that I didn't take out."
When the union contacted the city for advice, "they kind of have their script" that they are sticking to, Steel said.
Potts message to officers added, "We have been impacted significantly by a foreign cyber-attack designed to disrupt the city’s IT infrastructure. While an encryption attempt was prevented, we do believe some of our data has been accessed. This is still a very fluid investigation."
City departments still hampered after attack
Other city departments are still working to become fully functional after the cyber attack two weeks ago. On Thursday, the city's Parking Services website has this note at the top: "We are currently experiencing technical difficulties and are only accepting CASH payments for impound releases. Ticket and permit payments may be made online but not processed at our facility. Sorry for the inconvenience."
The Building and Zoning Department website carries this notice: "For the time being our electronic services and access to email are disabled, but we are accepting paper applications for permits, licenses, and registrations. Applications and Zoning Confirmation Letter requests can be delivered to our office and inspections can be requested by calling" on the telephone during business hours.
"Thank you in advance for your patience and understanding. We will let you know when our normal services resume."
As for the 311 city complaint line, which was operating on a paper-only basis due to the cyberattack, its website says: "Update: As of Wednesday, July 31st, the 311 website and mobile app are accepting service requests."
Steve Stein, president of the Columbus Fire Fighters Union IAFF Local 67, said he isn't aware of any similar issues facing firefighters.
But he had talked with Steel Thursday morning, and "sounds like there have been some data breaches on the police side," Stein said. "It sounds like they have some real issues."
wbush@gannett.com
@ReporterBush
This article originally appeared on The Columbus Dispatch: Columbus cyberattack potentially hits police officers' personal bank accounts, credit cards
Most Popular
Comments / 0