![[infosec.png]] 2024-09-02 #### Observations: For those of you who follow the show and my postings, you know how much I discuss the need for timely disclosure of parties affected by a breach. Here we have an incident that the City of Columbus is suing a cybersecurity researcher for alerting members of a data breach that their data was released on the dark web. The researcher is not doing this for money, they are not abusing the access to the data on the dark web, they simply alerted those affected by the breach. While possession of breach data is technically a crime for those not authorized by the owners of said data, there is a gray area here. Being a resident and tax payer of the City of Columbus, by default he is a partial owner of the data. Alerting those affected so that they may take protective actions causes issues for the city. It made public a disclosure of data Rhysida made public on the Dark Web. The City when people made inquires, lied in public statements downplaying the breach. The City of Columbus for reasons passing understanding has decided to "shoot the messenger" rather than address their many issues. Cybersecurity expert David L. Ross Jr., who goes by "Connor Goodwolf," has been barred by court order "from accessing, and/or downloading, and/or disseminating" any of the files stolen from the city that were posted to the dark web. David Ross has lawyered up and refuses to be the "fall guy" for the City of Columbus botching both their security operations and the disclosures required by law. *This is a developing story, more updates to follow* #### Links: * Original: https://www.dispatch.com/story/news/local/2024/08/29/data-hack-columbus-restraining-order-cyber-security-expert-david-ross/74998593007/ * Archived: https://archive.today/WN7PV ***For more content, head over to http://WhiteHatSecurity.stream*** #Cybersecurity #News #ColumbusBreach #ConnorGoodwolf #LackOfDisclosure #Blog