Columbus, Ohio, confirms 500K people affected by Rhysida ransomware attack

The City of Columbus, Ohio, has confirmed half a million people's data was accessed and potentially stolen when Rhysida's ransomware raided its systems over the summer. In fact, the city noted in a filing that the number of people potentially affected was 500,000 exactly, an oddly round number for data break-in disclosures of …

  1. Yet Another Anonymous coward Silver badge

    Have we not learned anything?

    Don't store info you don't need. Ideally don't collect info you don't need, but this is govt.

    So check a driving record on hiring but don't store the license on a live system afterwards.

    If you need to check SSN don't store it, or store a hash and ask people for it again if you need to verify. And ffs stop assuming knowing your SSN proves identity.

    And if you must store data - silo it. The receptionist who clicked on a spam link shouldn't have full access to every field in every database and every file share.

    This goes double for bosses, the higher up the tree you are - the less data you NEED direct access to.

    Strangely this should have been obvious to high school kids 20 years ago so it's not like this is a "workplace boomers don't understand computers" thing
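
Added example, not part of the comment above: one way to check an SSN on request without keeping it, storing a keyed HMAC instead of a bare hash, because nine digits allow at most a billion candidates and an unkeyed digest can be enumerated. The names `PEPPER`, `ssn_token`, `verify_ssn` and `enroll` are hypothetical, the sample number is constructed, and the key is assumed to live in a secrets manager or HSM rather than beside the tokens.

```python
import hashlib
import hmac
import re
import secrets

# Assumption: in production this key comes from a secrets manager or HSM and
# never sits in the same database as the tokens. Generated here for the demo.
PEPPER = secrets.token_bytes(32)


def normalize_ssn(raw: str) -> str:
    """Strip spaces and dashes; reject anything that is not nine digits."""
    digits = re.sub(r"[\s-]", "", raw)
    if not re.fullmatch(r"\d{9}", digits):
        raise ValueError("SSN must contain exactly nine digits")
    return digits


def ssn_token(raw: str, key: bytes = PEPPER) -> str:
    """Keyed digest of the SSN. Without the key, the token cannot be
    brute-forced over the 10**9 possible nine-digit values."""
    return hmac.new(key, normalize_ssn(raw).encode(), hashlib.sha256).hexdigest()


def enroll(store: dict, person_id: str, raw: str) -> None:
    """Keep only the token; the SSN itself is discarded after this call."""
    store[person_id] = {"ssn_token": ssn_token(raw)}


def verify_ssn(store: dict, person_id: str, raw: str) -> bool:
    """Ask the person for the SSN again and compare in constant time."""
    record = store.get(person_id)
    if record is None:
        return False
    try:
        candidate = ssn_token(raw)
    except ValueError:
        return False
    return hmac.compare_digest(candidate, record["ssn_token"])


if __name__ == "__main__":
    hr_db = {}
    enroll(hr_db, "emp-001", "000-12-3456")  # constructed, never-issued number
    print(hr_db)                             # token only, no digits stored
    print(verify_ssn(hr_db, "emp-001", "000 12 3456"))
```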

    1. Will Godfrey Silver badge
      Mushroom

      Re: Have we not learned anything?

      WE have learned that the bastards lie through their teeth.

      THEY have learned that they can get away with just about anything without significant consequences.

    2. An_Old_Dog Silver badge
      Thumb Up

      Re: Have we not learned anything?

      I'd give you a million upvotes for this, if I could.

  2. harrys Bronze badge

    do the right thing .....

    But.... is the time right for some of the good folksies here to take pay cuts and go and replace those there who were not good enough to get the better paid jobs in the private sector?

    Methinks not.... not until house prices etc crash so making it an affordable choice..... especially for the youngie IT folksies who have not yet "debted themselves up" :)

  3. Guy de Loimbard Bronze badge
    Facepalm

    Sue the researcher

    So the obvious thing to do is to try to deflect by beginning litigation against the security researcher?

    Obviously if said researcher was being a cock and threatening to leak data, then fair enough, but seriously, shit slinging when you've had a significant data breach is a great way to deal with things!
