Minnesota DHS Subject to Two Data Breaches, Officials Say

Minnesota DHS Subject to Two Data Breaches, Officials Say Photo: Minnesota Department Human Services

October 11, 2018 04:11 PM

The Minnesota Department of Human Services were victims of a phishing email scam, where someone had the ability to access the information of approximately 21,000 individuals who interacted with the department.

DHS confirmed the potential breach Thursday in a statement.


DHS sent out a letter dated Tuesday to those individuals whose information may have been accessed. In the letter, it says incidents occurred in June and July. 

"The two email accounts contained information about some of the people who interacted with DHS between October 2010 and July 2018," the department said. "The vast majority of these people interacted with our State Medical Review Team, and a much smaller number interacted with one of our Direct Care and Treatment facilities."

More from KSTP:

5 INVESTIGATES: 'Hacker for Hire' Service Targeted Government Sites

Dayton Proposes $125M Worth of Cybersecurity Reforms

According to DHS, Minnesota IT Services secured the accounts and stopped the spread of the phishing emails. MNIT also investigated the incidents and reported the results of the investigation to DHS in August.

DHS reviewed every item in the accounts to determine who may have been affected.

In the statement, the department said, "We currently have no evidence that this information was actually clicked, viewed, downloaded, or misused." 

DHS said it is believed the data was able to be accessed after two employees clicked on a link they received in an email.

"The Minnesota Department of Human Services takes very seriously our responsibility to protect the private information and data of Minnesotans, and will continue our vigilant efforts to uphold the highest standards of IT security and data privacy," the department said in a statement.

This is not the first time a state agency has experienced a data breach.

In 2013, the Minnesota Department of Natural Resources announced one of its employees accessed the motor vehicle records of 5,000 people without authorization.

That same year, a worker at MNsure accidentally sent out the names and social security numbers of 2,400 insurance agents.

Connect with KSTP

Join the conversation on our social media platforms. Share your comments on our Facebook, Instagram, and Twitter pages.


Ben Rodgers

Copyright 2018 - KSTP-TV, LLC A Hubbard Broadcasting Company


Walz extends Twin Cities curfew for 2 more nights

VIDEO: George Floyd's family demands charges against all 4 officers involved in fatal arrest

MDH reports 372 new cases of COVID-19, 14 more deaths

Walz visits memorial for George Floyd