CC A.I CyberSecurity Scoring
CC
Company Information
Website:http://www.columbus.gov/
Employees number:3,805
Number of followers:16,109
NAICS:92
Industry Type:Government Administration
Homepage:columbus.gov
CC Risk Score (AI oriented)
Between 0 and 549
CCGovernment Administration
Updated:
23/06/2026
23/06/2026
263/1000
Critical
C
CC Global Score (TPRM)
xxxx
CCGovernment Administration
Score locked

CCCritical
Current Score
263C (CRITICAL)
01000
4 incidents
-155 avg impact
Incident timeline with MITRE ATT&CK tactics, techniques, and mitigations.
JULY 2026
273
JUNE 2026
290
Cyber Attack
22 Jun 2026 • CC
City of Columbus: Columbus' IT director retiring nearly two years after major cyber attack exposed citizens' data
Columbus Cyberattack by Rhysida
263
CRITICAL-27
CIT1782196062
Columbus IT Director Retires Amid Fallout from 2022 Cyberattack
Sam Orth, the longtime Director of Technology for the City of Columbus, is retiring nearly two years after a devastating cyberattack exposed the personal data of hundreds of thousands of residents. Columbus City Council will recognize Orth’s service in a resolution co-sponsored by all nine members during its Monday evening meeting.
The attack, carried out by the cybercriminal group Rhysida in 2022, compromised terabytes of city data, which was later leaked on the dark web. Columbus was among several municipalities targeted that year, including Cleveland. Initially, city officials claimed the attack had been contained and that the stolen data was unusable until a whistleblower, IT expert Connor Goodwolf, revealed that sensitive information for at least 500,000 people had been exposed. Goodwolf also criticized Orth for slow response times and inaccurate reporting to Mayor Andrew Ginther, including a disputed claim that only criminals use the dark web.
In the aftermath, the city implemented a "zero trust network" requiring continuous identity verification for system users. However, internal accountability remained limited eight Department of Technology employees were terminated, retired, or resigned following the breach, though personnel records do not link their departures to the incident.
Orth, appointed by Ginther in 2016, oversaw Columbus’s IT infrastructure for a decade, including the rollout of body-worn cameras for police officers. His career also included roles at Apple, the Ohio Education Computer Network, and the Ohio Office of Information Technology. His last day is Friday, with Deputy Director Pam O’Grady stepping in as interim director. O’Grady, whose experience is primarily in government affairs, previously worked for former Columbus Mayor Michael Coleman and Ohio Governor Ted Strickland.
Meanwhile, WOSU’s public records request for communications between the mayor and senior officials during the attack remains unfulfilled over a year later. The city reported in February that the request yielded over 2,200 records still under review.
INCIDENT DETAILS -
TYPE
MOTIVATION
IMPACT
DATA BREACH
REFERENCES
MAY 2026
268
APRIL 2026
257
MARCH 2026
253
FEBRUARY 2026
512
Ransomware
24 Feb 2026 • CC
City of Suffolk, Virginia, City of Columbus, Ohio, Virginia Attorney General’s Office and Florida Department of Health: Suffolk, VA warns 157,000+ people of data breach that leaked SSNs, finances
Suffolk, Virginia Hit by Massive Ransomware Attack, Exposing 157K Records
237
CRITICAL-275
CITCITFLOCIT1777912437
Suffolk, Virginia Hit by Massive Ransomware Attack, Exposing 157K Records
The city of Suffolk, Virginia, has notified 157,725 individuals of a February 2026 data breach after a ransomware attack compromised sensitive information, including names, Social Security numbers, and financial account details. The breach was disclosed in notices sent to victims last month.
According to city officials, the attack was detected and halted before ransomware could be fully deployed, but not before cybercriminals exfiltrated data from Suffolk’s network. The ransomware group Cloak claimed responsibility, alleging it stole 2.5 TB of files though Suffolk has not confirmed the claim, and details about the attack vector, ransom demands, or payment remain undisclosed.
The breach occurred on or around February 24, 2026, when attackers gained access to the city’s systems. Suffolk’s investigation found that the intrusion was terminated shortly after detection, but the incident highlights the growing threat of ransomware against government entities. Notably, the city’s breach notification did not include offers of free credit monitoring or identity theft protection for affected individuals.
Cloak, a ransomware group active since August 2023, has been linked to at least 75 attacks, with 20 confirmed by targeted organizations. The group has previously breached other government entities, including the Virginia Attorney General’s office (February 2025), as well as municipalities in Canada, Germany, and Sri Lanka. Suffolk marks Cloak’s second confirmed attack of 2026, following a January breach of German retailer Dinnebier Gruppe.
The Suffolk incident ranks as the 11th-largest ransomware breach of a U.S. government entity by records exposed. Comparitech researchers have documented 20 confirmed ransomware attacks on U.S. government targets in 2026 alone, with some of the largest including:
- Florida Department of Health (729,699 records, July 2024)
- RIBridges (650,000 records, December 2024)
- Columbus, Ohio (500,000 records, July 2024)
Ransomware attacks on government agencies often disrupt critical services from payroll and billing to emergency communications while exposing citizens to heightened fraud risks. Suffolk, a city of 95,000 in southeastern Virginia, is the state’s 10th-most populous, underscoring the far-reaching impact of such breaches.
INCIDENT DETAILS -
TYPE
IMPACT
DATA BREACH
REFERENCES
JANUARY 2026
508
DECEMBER 2025
501
NOVEMBER 2025
493
OCTOBER 2025
642
Ransomware
01 Oct 2025 • CC
City of Columbus
Rhysida Ransomware Attack on the City of Columbus
479
CRITICAL-163
CIT2794927100225
The City of Columbus suffered a severe cyber incident executed by the Rhysida ransomware group, resulting in the theft and public sale of over 6 terabytes of sensitive city data. The attack forced the shutdown of multiple critical systems, with recovery efforts spanning months to restore full functionality. Five plaintiffs—including undercover police officers, firefighters, and a resident—reported financial fraud (unauthorized purchases, fraudulent bank accounts) and extortion attempts (ransom demands, threats of data exposure). The breach exposed highly sensitive employee and resident data, leading to identity theft risks and operational disruptions. While a lawsuit was filed alleging negligence in data security, it was dismissed due to political subdivision immunity under Ohio law, leaving victims without legal recourse despite documented harm. The attack underscored systemic vulnerabilities in the city’s IT infrastructure and the broader challenges of holding government entities accountable for cybersecurity failures.
INCIDENT DETAILS -
TYPE
MOTIVATION
IMPACT
DATA BREACH
REFERENCES
SEPTEMBER 2025
642
AUGUST 2025
640
JULY 2024
769
Ransomware
01 Jul 2024 • CC
City of Columbus
Ransomware Attack on City of Columbus, Ohio
601
CRITICAL-168
CIT000110524
In July 2024, the City of Columbus, Ohio, faced a ransomware attack that initially aimed to disrupt its IT infrastructure. Although the attack was thwarted with no systems encrypted, the Rhysida ransomware gang claimed to have stolen 6.5 TB of data, impacting personal and financial information of 500,000 individuals. This included employee credentials, emergency services data, and access to city cameras. The attack resulted in 3.1 TB of data being leaked on the dark web. The city offered credit and dark web monitoring services to affected individuals, and while there has been no reported misuse of the data for identity theft or fraud, the incident raises significant concerns about cybersecurity and data protection.
INCIDENT DETAILS -
TYPE
MOTIVATION
IMPACT
DATA BREACH
REFERENCES
Frequently Asked Questions
?
What is the current A.I Rankiteo Cyber Score for CC ??
What was CC's A.I Rankiteo Cyber Score in June 2026 ??
What was CC's A.I Rankiteo Cyber Score in May 2026 ??
What was CC's A.I Rankiteo Cyber Score in April 2026 ??
What was CC's A.I Rankiteo Cyber Score in March 2026 ??
What was CC's A.I Rankiteo Cyber Score in February 2026 ??
What was CC's A.I Rankiteo Cyber Score in January 2026 ??
What was CC's A.I Rankiteo Cyber Score in December 2025 ??
What was CC's A.I Rankiteo Cyber Score in November 2025 ??
What was CC's A.I Rankiteo Cyber Score in October 2025 ??
What was CC's A.I Rankiteo Cyber Score in September 2025 ??
What was CC's A.I Rankiteo Cyber Score in August 2025 ??
What is the average per-incident point impact on CC's A.I Rankiteo Cyber Score over the past 12 months ??
Where can I access detailed records of all cyber incidents associated with CC ??
Where can I find a summary of the A.I Rankiteo Risk Scoring methodology ??
Where can I view CC's profile page on Rankiteo ??
How accurate is the A.I Rankiteo Risk Scoring methodology ?