Every time central Ohioans visit Columbus City Hall and most other municipal government buildings, they scan their driver’s license to enter — and all of that information dating back to early 2006 may now be available on the dark web.
The volume of data — potentially dating back almost two decades — may have still been on file during a July 18 cyber attack because the city’s retention policy is open-ended and allows the government to hold onto it until it’s deemed “obsolete,” said city spokeswoman Melanie Crabill.
EasyLobby, a security system that for years has printed nametags for guests, is used to control and monitor visitor entry and exit at buildings, according to its manufacturer HID Global.
While Crabill said it’s unclear how much of that data was on file when the cyberattack occurred, EasyLobby records for Columbus dating back to February 2006 appear to have been obtained in the hack, said local cybersecurity expert David L. Ross Jr., also known as “Connor Goodwolf.”
Read More: Franklin County judge grants city request to suppress cyber expert’s efforts to warn public