Minnesota Breach May Have Exposed 11K Personal Records

A compromised email account within the state Department of Human Services may have exposed the personal information of as many as 11,000 people last year, the agency told lawmakers Tuesday.

by Chris Serres, Star Tribune / April 10, 2019

(TNS) — A data breach last year at the Minnesota agency that oversees the state's health and welfare programs may have exposed the personal information of approximately 11,000 individuals.

The state Department of Human Services (DHS) notified lawmakers Tuesday that an employee's e-mail account was compromised as a result of a cyberattack on or about March 26, 2018.

A hacker unlawfully logged into a state e-mail account of a DHS employee and used it to send two e-mails to one of the employee's co-workers, asking that co-worker to pay an "invoice" by wiring money.

In a letter to legislative leaders, Human Services Commissioner Tony Lourey noted that the agency has no evidence that personal information contained in the hacked e-mail account was "viewed, downloaded or misused in any way." Even so, the hacker would have had the ability to obtain some of the account's contents during the cyberattack, officials said.

The incident was immediately reported to Minnesota IT Services, which has been unable to identify what, if any, information was obtained by the hacker.

"This cyberattack is an assault on our efforts in state government to provide quality services to Minnesotans in need," Lourey said in a written statement. "We pledge to do everything we can to uphold the privacy of the Minnesotans who receive services through our programs. We apologize for any concern or other negative impact due to this incident."

©2019 the Star Tribune (Minneapolis). Distributed by Tribune Content Agency, LLC.

Platforms & Programs