Who can be held accountable for cyberattacks?
COLUMBUS, Ohio (WCMH) -- Six months after a ransomware attack hit Columbus, the city is still working to recover.
A breach report that should show how the attack happened and what exactly was accessed should be released soon.
Columbus isn’t alone; each week, there seems to be another cyberattack and more data at risk.
NBC4 Investigates is looking into where accountability comes into play when it comes to these attacks because sometimes, it’s not just the criminals who are at fault.
Last October, Ohio Attorney General Dave Yost and 49 other attorney generals reached a settlement with Marriott International following a multiyear data breach; more than $1.5 million went to Ohio.
How far does this accountability reach and what will future cybersecurity efforts look like across the state?
When the ransomware attack hit Columbus, the city did not have cyber insurance, something that would cover liability for a data breach. This puts the cost of the breach on the taxpayers.
"Are there any plans to pursue accountability or legal action against the city for this breach?" NBC4 investigative reporter Isabel Cleary asked.
"So my staff is staying in contact with the city and learning about this at a relatively slow pace,” Yost said. “Whether there's any action to be taken is a decision for the future. We're watching it and this was a pretty significant breach. I am very hopeful that Mayor Ginther is going to spend the money and make the effort to make sure something like this doesn't happen again.”
As cyberattacks continue to happen, cybersecurity conversations are becoming more common between Ohio leaders.
"It ought to be a bigger conversation, but I hope the outcome of that conversation is not lawsuits,” Yost said. “I hope it's better cybersecurity.”
It’s also a topic at the Ohio Statehouse.
"The issue that happened in Columbus not too recently has definitely sparked conversations about what we can do to strengthen our cybersecurity systems across the state," Rep. Dontavius Jarrells (D-Columbus) said.
Jarrells said that 2025 will be an opportunity to explore ways to educate the community and invest in cybersecurity support for Ohio cities.
"The biggest thing is just, we got to invest in our infrastructure, we have to, and so when we have an aging infrastructure in a rapidly growing city such as Columbus, you can see these issues begin to occur, unfortunately," Jarrells said.
Jarrells believes this is an issue that crosses both sides of the aisle.
"There is a bipartisan opportunity, with protecting our constituents,” he said. “I think how we get there is what’s really important, right? Because we are looking at a budget that we don't have excess, a lot of funds, right, and so we have to think creatively about what can be possible."
You can find information about how to protect your data or what to do if you’ve been a victim of a cyberattack here.