Top headlines of the week, July 11 2025
Here are some stories you may have missed this week in central Ohio.
- The Columbus City Council is voting on $23 million for cybersecurity infrastructure a year after a ransomware attack hit the city.
- A report on the hack has been delayed with no current release date announced.
Days before the one-year anniversary of the cyberattack that temporarily crippled Columbus’ computer systems and resulted in the leak of stolen city data on the dark web, the city is considering investing $23 million to strengthen its cybersecurity.
The Columbus Department of Technology is asking the Columbus City Council at its meeting tonight, July 14, to approve the spending on implementing a “zero trust network.”
Soon after the hack was discovered around July 18, 2024, the cybercriminal group Rhysida took credit for the attack and released city data on the dark web. That data included private information such as Social Security numbers for nearly half a million residents and thousands of city employees, as well as information about crime victims and undercover officers.
The funding being considered by the council would modernize the city’s IT infrastructure and address industry-best practices, according to the proposed ordinance.
Jennifer Fening, deputy chief of staff of communications for Mayor Andrew J. Ginther, told The Dispatch in an email:
“Federal, state, and local governmental entities, including the City of Columbus, face persistent and sophisticated cybersecurity threats. These threats are constantly evolving and increasing in sophistication. Cybersecurity experts and researchers have developed the Zero Trust Network framework to adapt to these threats.”
Unlike traditional security frameworks, a zero trust network assumes threats can exist inside and outside the network and requires strict verification for every user and device, according to Fening. The new framework will also segment the city’s network into smaller, isolated zones, making it less likely that a threat could reach the entire network.
“The City of Columbus is seeking to commence its Zero Trust Network project later this year and anticipates that it will take at least two years to implement with an estimated investment of $23 million,” Fening said.
Columbus previously spent $7 million to contract with Dinsmore & Shohl, a law firm, and its cybersecurity subcontractor for forensic analysis and to develop a report about the hack. The city has also spent $625,000 on legal services from Vorys, Sater, Seymour and Pease to defend the city against two lawsuits brought by city employees over the attack.
For nearly a year, Ginther’s administration has repeatedly pushed back the expected release date of the report from Dinsmore & Shohl about the attack. Currently, no release date has been announced.
The city has released little information about how hackers breached city systems or how the city handled the fallout behind the scenes. Ginther initially told reporters that the stolen data was encrypted or corrupted and unusable. A local cybersecurity expert went to the media within hours and revealed that to be false.
(This story will be updated based on Monday evening’s Columbus City Council meeting.)
Government and politics reporter Jordan Laird can be reached at jlaird@dispatch.com. Follow her on X, Instagram and Bluesky at @LairdWrites.
