November 5, 2024 at 11:42AM
Columbus, Ohio, settled with whistleblower David Leroy Ross after he reported a cyberattack exposing residents’ personal information. The city sued him for damages but agreed to dismiss the case with a permanent injunction, allowing him to share only approved public data, amidst concerns of discouraging future whistleblowers.
**Meeting Takeaways:**
1. **Settlement Reached**: The city of Columbus has settled with whistleblower David Leroy Ross (Connor Goodwolf) after he reported a cyberattack involving compromised personal information of residents.
2. **Cyberattack Details**: The breach was identified on July 18, when a foreign threat actor attempted to disrupt the city’s IT systems, potentially to install ransomware.
3. **Data Compromised**: The attack led to the exposure of sensitive personal information, including names, dates of birth, addresses, bank account details, driver’s licenses, Social Security numbers, and more, which has since appeared on the Dark Web.
4. **Response Measures**: Columbus’ Department of Technology quickly blocked unauthorized access, initiated an investigation, engaged cybersecurity experts, and involved law enforcement to manage the situation.
5. **Legal Actions**: In August, the city filed a lawsuit against David Ross seeking over $25,000 in damages and an order to limit his public commentary on the data leak.
6. **Agreement Details**: An agreement has been reached wherein Ross will receive a dismissal with prejudice, preventing future prosecution for the same issue. However, he must adhere to a permanent injunction restricting his public disclosures to information classified as public record and subject to the city’s prior written approval.
7. **Community Reaction**: Casey Ellis from Bugcrowd commented on the case, highlighting concerns that this lawsuit could dissuade individuals from reporting similar data breaches, urging the importance of protecting whistleblowers in the interest of public safety.