Compromised Email Account Revealed PII of DHS Personnel and Clients

Who: Department of Human Services – Minnesota

# of Accounts Breached: 11,000

What was affected: The compromised e-mail account contained a wide range of personal information about DHS clients, employees and applicants, including first and last names, dates of birth, other demographic data, treatment data and information about interactions with the agency. The account did not contain Social Security numbers or financial information. However, it is possible that, while in the account, the hacker viewed or downloaded some of the account’s data, officials said.

When it happened: March 26, 2019

How it happened: An employee’s e-mail account was compromised as a result of a cyberattack on or about March 26, 2018. A hacker unlawfully logged into a state e-mail account of a DHS employee and used it to send two e-mails to one of the employee’s co-workers, asking that co-worker to pay an “invoice” by wiring money.

Outcome: DHS began sending individual letters to all the people who may have been affected by the incident. Responding to the string of cyberattacks, Minnesota IT Services in February deployed a new cybersecurity tool that blocks malicious links and attachments in e-mails intended for state employees. This tool could have prevented many of the breaches at DHS, including the latest incident. The agency has also revised its policies and procedures to ensure they can respond more quickly to data security incidents.