The city of Columbus recently secured a temporary restraining order against cybersecurity expert David L. Ross Jr., also known as Connor Goodwolf. The purpose of this order is to prevent him from accessing, downloading, and disseminating sensitive files that were stolen from the city’s server farm during a ransomware attack. City Attorney Zach Klein initiated the request for the restraining order, highlighting the need to safeguard the police, victims, and the general public from potential harm.
The issuance of the restraining order has stirred up controversy, with Ross being a key figure in bringing to light the magnitude of the data breach. His disclosures have often contradicted statements made by city officials, including Mayor Andrew Ginther, regarding the severity of the hack. Ross contends that the city is attempting to silence him and prevent him from revealing the full extent of the data breach, which he believes was mishandled by the city’s IT department. He also raised concerns about a suspicious job offer from the city’s data breach consultant, which he suspects was an attempt to silence him.
In response to the restraining order, Ross expressed his intention to seek legal representation and mentioned the possibility of filing a lawsuit against the city for violating his First Amendment rights. Despite the public’s interest in the case, the online court docket does not provide access to the relevant document, and the judge presiding over the case remains listed as Noble.
Goodwolf had previously alerted the public to the fact that personal information of city officials and residents, including driver’s license and Social Security details, were among the data that was hacked and posted online after the city refused to engage in ransom negotiations. The compromised files also included information about victims of criminal acts like domestic violence and personal details about undercover Columbus police officers.
City Attorney Zach Klein welcomed the decision made by Common Pleas Judge Kim Brown, emphasizing his duty to protect those at risk of harm. He justified the need for restraining the dissemination of stolen confidential personnel and victim data, which could jeopardize ongoing investigations and the safety of real individuals. Daniel Maldet from CMIT Solutions in Columbus shed additional light on the breach, revealing that 3.1 terabytes of data had been released, comprising 258,270 files, with a potential 55% of the data being sold.
In January 2023, the Columbus City Council approved a $2.5 million contract for Cybersecurity Products and Services after reviewing proposals from five different firms. This investment aimed to enhance the city’s resilience against future cyber threats and safeguard sensitive information from potential breaches.
Overall, the developments surrounding the restraining order against David L. Ross Jr., also known as Connor Goodwolf, highlight the complexities and implications of cybersecurity breaches for both individuals and public entities. The ongoing legal battle underscores the importance of protecting data privacy and ensuring transparency in the face of cyber threats.