Fox28 reports:
A Franklin County judge dismissed a lawsuit against the city of Columbus, which claimed it failed to follow industry standards and federal guidelines for data security.
The lawsuit was filed last year after the ransomware group Rhysida claimed it stole over 6 terabytes of city data and posted it for sale. The incident caused the city to shut down multiple systems and take months to bring some of them back online.
Five of the plaintiffs suing under John Doe pseudonyms are city employees, with one serving as an undercover police officer and another as a firefighter. A sixth plaintiff is a resident.
They claim unauthorized purchases were made, fraudulent bank accounts were opened, and threatening emails demanded ransom or data exposure.
Read more at Fox28
So the whistleblower who tried to inform the public about the severity of the breach was sued by the city, but the city that didn’t adequately secure the data and then played down the severity of the breach gets a free pass from civil lawsuits under state law.
What’s wrong with this picture?