Chief disturbed after database naming undercover Columbus officers found in leak

COLUMBUS, Ohio ( WCMH ) — Another database recovered from the Columbus data leak has revealed names of undercover city officers, as well as graphic and sensitive information from police reports previously sealed from public view.

Cybersecurity expert Connor Goodwolf showed NBC4 the Columbus Division of Police’s MatrixCrime database on Wednesday. Recovered from the Rhysida ransomware group’s dump of stolen city data on the dark web, it holds confidential records for cases of rape, homicide, child abuse and domestic violence. Dating back to 2014, it also contains data from CPD’s controversial Vice Unit that was added before the group’s disbanding in 2019 .

“Every single report from officers on the streets or if someone comes in to make a police report, it all goes to the specific database,” Goodwolf said. “There’s detailed information relating to the scene, weapon used or everything, whether the victim was injured, deceased, etcetera.”

Alongside graphic details from officers’ and victims’ narratives, the leaked database exposes sensitive information including victim Social Security numbers, addresses and phone numbers.

In a statement Wednesday night after NCB4’s latest reporting, Mayor Andrew Ginther said he was “outraged the city and our residents continue to be victimized by this cyberattack.”

“The dark web is for criminals,” Ginther said. “The people who stole data from the City of Columbus are criminals, and anyone using or disclosing stolen confidential information is a criminal.”

NBC4 has protected victims’ confidential information throughout its investigative coverage of the leak. Multiple cybersecurity experts, as well as the station’s attorneys and national standards team, all agree reporting on the extent of the data breach is a public service.

Goodwolf doesn’t have the full picture of the database just yet. He told NBC4 that part of it was partially corrupted while he downloaded it from the dark web, and there’s more information to come. Of the part he did recover, he flagged that some of the reports also name minor victims.

“I feel angry looking at all these domestic violence cases, looking at the cases to where minors were sexually assaulted, individuals 15 years and younger,” Goodwolf said. “Now they’re not just victimized at one point, now they can be victimized yet again.”

Some of the records also identify undercover Columbus police, an issue that attorneys mentioned in a class-action lawsuit filed against the city. While it’s not clear if undercover units currently in the role are at risk, Goodwolf forecasted what else could be in the corrupted portion of the database.

“We’re going to potentially see undercover officers who are undercover long term. We’re going to see references to confidential informants and individuals,” Goodwolf said. “Again, this database is not public record. It’s an investigatory law enforcement record … it’s not subject to Freedom of Information Act requests at all. So, we’re going to see a lot of damage coming from this if someone does decide to utilize it for unlawful means.”

In an exclusive interview and her first time speaking since the cyberattack was discovered July 18 , CPD Chief Elaine Bryant said NBC4 broke the news to her that her team’s database was found in the leak.

“It’s very disturbing to myself and all the members of the division,” Bryant said.

Bryant couldn’t give any specifics on protection for undercover officers whose identities may be compromised, because of how recently she found out. When NBC4 asked her about officers who told the Fraternal Order of Police their bank accounts had been hacked, she said it was up to another agency to look into.

“The city has teamed up with the FBI, so all of those investigations are being handled on the federal level,” Bryant said.

Goodwolf said as of Wednesday, he has looked through two of the three terabytes of data Rhysida leaked. The other findings have included that the leak compromised residents’ personal information , details on city employees, and investigative records from the city attorney’s office and Columbus Division of Fire.

Rhysida claimed responsibility for the hack on Columbus, launching an auction for 30 bitcoin – or around $2 million — on the dark web. After the group failed to secure bidders, the hackers publicly leaked the data on Aug. 8. The mayor’s office later announced the city would offer free credit monitoring for anyone affected.

Ginther’s full Wednesday evening statement is below:

“I am outraged that the city and our residents continue to be victimized by this cyberattack. As I have previously said, we can expect more personally identifiable information to be identified as having been posted on the dark web. The dark web is for criminals. The people who stole data from the City of Columbus are criminals, and anyone using or disclosing stolen confidential information is a criminal.

The FBI, City Attorney Zach Klein, our Department of Technology and cybersecurity experts continue to work around the clock on this active criminal investigation. I remind the public that it can be against the law to download or possess illegally obtained data.

We will continue to do everything in our power to support Columbus residents, crime victims and police officers and seek accountability for those exploiting their information.”

Columbus Mayor Andrew Ginther

For the latest news, weather, sports, and streaming video, head to NBC4 WCMH-TV.