An international group has begun releasing information on the dark web that it stole from the city of Columbus three weeks ago.
Cyber criminal group Rhysida took credit for the July 18 attack on city servers.
The group has listed data it said it stole on the dark web and asked bidders to offer 30 bitcoins, or close to $2 million for the data.
On Thursday, the group began releasing data stolen from city servers, said Daniel Maldet, owner of the Columbus office of CMIT Solutions. Maldet does not work for the city, but has been monitoring the situation.
Maldet said that he is seeing 3.1 terabytes of the 6.5 terabytes the group said it stole from the city. That's about 45% of the data.
"They are mentioning that 3.1 terabytes are not sold. Then we can infer from them that they sold half the data," Maldet said.
"We are dealing with a lot of assumptions here," he said. "We're dealing with cyber criminals here. We don't know if what they're saying is true or not."
But Shawn Waldman, CEO of Secure Cyber Defense near Dayton, who also has been monitoring the dark web, said he isn't sure whether any data was sold.
"You don't sell half. You either get it all or you don't," he said.
He said that perhaps negotiations failed.
In a statement Thursday afternoon, Columbus Mayor Andrew J. Ginther said, "With much respect, I share with you that speculation by individuals external to the investigation may not benefit the objective of educating the public on this incident.
"Claims being made by sources external to the investigation about the actions of the threat actor do not match the assessments of cybersecurity experts and law enforcement actively working on the case," Ginther said.
"We appreciate your understanding that what we can say remains limited and this situation continues to evolve," he said.
Maldet said it looks like the information released comes from a backup server.
He said maybe the data seen on the dark web wasn't sold data because there wasn't enough value to have somebody pay for it.
But he said it could be potentially damaging information.
Waldman said information he sees appears to come from individual work stations. It also looks like some database is part of the leak.
He said he wondered if police identities and cases were exposed.
Meanwhile, the Columbus police union is funneling its members to a lawyer if they believe their bank accounts or other private information was hacked.
Brian Steel, president of Fraternal Order of Police Capital City Lodge No. 9, told WOSU Thursday the union is sending members to the lawyer to determine whether they should file lawsuits against the city.
Steel said members have told him money has been missing from bank accounts. Some have told him that someone has tried to open credit cards in their names.
