Minnesota Cyber Attacks

Infrastructure Affected

Public Safety
Government
Medical
Education
 
Back to Archive
Minnesota.jpg
 

Public Safety

Minnesota Bureau of Criminal Apprehension, State

Breach Type - Hacking, Data Breach

Faribault
July 10th, 2020
  • Over 15 years of information was exposed in recent data breach
  • The data is amassed in a larger data release by hacker group Distributed Denial of Secrets which targets law enforcement data
  • Sensitive data was included in the over 20,000 documents that were uploaded online
Read More

 
Hennepin County Sheriff's Office, Hennepin County

Breach Type - Hacking, Data Breach

Faribault
July 10th, 2020
  • Over 1,500 first responder’s information was exposed in recent data breach
  • The data is amassed in a larger data release by hacker group Distributed Denial of Secrets which targets law enforcement data
  • Sensitive data was included in the information that was uploaded online exposing responders
Read More

 
Minnesota Judicial Branch & Hennepin County

Breach Type - Hack

Star Tribune
November 6th, 2017
  • 46yr old man (John Kelsey Gammell) paid hacking services to bring down web networks
  • Including Minnesota Judicial Branch & Hennepin County
  • Paid monthly subscription fees for DDoS attacks
  • "Hacker-for hire" services available on the dark web, Gammell's preferred service called "vDos"
  • Israel based operators
Read More
Star Tribune
January 18th, 2018
  • Gammell's attacks targeted and hit Hennepin County Sherriff's office
  • Gammell pleaded guilty to all charges
Read More

 
BACK TO TOP

Local Government

Lewiston cyber attack underscores threat, Winona County

Breach Type – Hacking, Data Breach

Winona Post
September 22nd, 2021
  • “In Lewiston’s case, Falcon said the attackers simply cracked the city’s security from the outside. “The entry point from the analysis that was conducted points to a brute force attack, meaning that the attackers identified an open port on the firewall and used a script to basically try a number of passwords,”
  • “Lewiston city leaders ultimately agreed to pay a $60,000 ransom — in the form of 1.5 Bitcoin — to the attackers. “The forensic team was the party in contact with what they termed the threat actor, and in the process of negotiating a ransom to be paid, ultimately that ransom was agreed to and was paid by the city,” Falcon said. The ransom was covered by insurance, so it did not cost the city directly, he added.”
  • “Lewiston’s ransom didn’t work. The attackers took the city’s money, then demanded another $120,000 to release the data. “We knew there was a chance of re-extortion. We had been warned of that by the team that we hired,” Falcon said.”
  • “The final outcome was that we were re-extorted and chose not to pay a second ransom and restored our systems with backups we were able to find available, but all of the other data on our system was lost,”
Read More

 
Ramsey County Family Health Division, Ramsey County

Breach Type – Hacking, Data Breach

Twin Cities
January 29th, 2021
  • The County sent a notification to 8,700 clients that their data may have been accessed on or around Dec. 2nd
  • There had been evidence that the security was breached by bad actor seeking payment through a ransomware scheme
  • Some of the information exposed included names, addresses, dates of birth, dates of service, telephone numbers, account numbers, health insurance information, and medical information
Read More

 
City of Minneapolis Public website and Computer Systems, Hennepin County

Breach Type – Hacking, Denial of Service (DoS)

The Hill
May 28th, 2020
  • Bad actors used DoS in cyberattack against city's website
  • IT personnel were able to restore vast majority of systems
  • Officials believed data remained intact and was uncompromised
Read More

 
Wright County Employee Email System, Wright County

Breach Type – Phishing, Data Breach

Monticello Times
May 13th, 2020
  • Investigation revealed bad actors utilized phishing in cyberattack
  • IT personnel painstakingly scoured every email in each account
  • Names, addresses, DOB, SSN, DL, among possibly accessed information
Read More

 
Scott County Government Systems, Scott County

Breach Type – Phishing, Malware

SW News
December 11th, 2019
  • Phishing cyberattack utilized by bad actors against county government
  • Lost revenue and repair costs totaled nearly $70,000
  • Officials doubt citizen information was compromised
Read More

 
Pine County

Breach Type – Phishing, Data Breach

WCMP
October 22nd, 2019
  • Over 4,000 individuals were likely victims of massive phishing attack
  • County employee email account was breached by bad actors
  • Names, addresses, dates of birth, Social Security numbers were all likely stolen
Read More

 
Minneapolis Mayor Official Email, Hennepin County  

Breach Type – Phishing, Other

 
   
Washington Times
  September 27th, 2019 
 
  • Minnesota mayor was victim of phishing cyberattack, which compromised his official city email address
  • Local news outlets received emails asking recipients to open suspicious attached PDF file
  • Emails enticed potential victims with fictitious business proposal from city
  Read More
     

 
 
Dakota County Social Services Department, Dakota County

Breach Type - Phishing, Data Breach

Data Breaches
April 12th, 2019
  • The county had discovered that there had been unauthorized access to one of its employee’s emails
  • Following the compromise, the county made sure to replace all active passwords and add authentication
  • Around 1,000 people may have been exposed with sensitive personal information
Read More

 
Minnesota Department of Human Services

Breach Type - Phishing, Data Breach

Star Tribune
April 9th, 2019
  • A data breach may have exposed over 11,000 individuals revealing sensitive information
  • The DHS notified lawmakers that an email account had been compromised by a hacker logging into a staff email account
  • It is unknown how much information was compromised but money transfers were requested by the hacker
Read More

 
Minnesota Department of Human Services

Breach Type - Phishing, Data Breach

Twin Cities
January 30th, 2019
  • A Phishing Scheme compromised more than 3,000 people’s data
  • An account was hacked and spoofed emails were sent in September 2018
  • IT began to apprehend the attack a day after it happened
Read More

 
Social Services Department, Ramsey County

Breach Type - Phishing, Data Breach

The Lancaster News
December 12th, 2018
  • Personal information of hundreds of Ramsey County Social Services clients potentially compromised
  • Hackers gained access to the email accounts of dozens of county employees
  • Data Security firm investigated breach and notified county in October
Read More

 
Minnesota Department of Human Services

Breach Type - Phishing, Data Breach

KSTP
October 17th, 2018
  • Two employee email accounts compromised in phishing scheme
  • Hackers exploited emails to send out spam emails
  • Email accounts contained private data of DHS clients, potentially exposed in data breach
Read More

 
City of Albert Lea, Freeborn County

Breach Type - Phishing, Data Breach

ABC 6 News
August 28th, 2018
  • City notified by FBI of hacking incident
  • Phishing email infiltrated City of Albert Lea
  • W-2 forms sent to hackers
  • 330 current and former employees potentially affected
Read More

 
Ramsey County

Breach Type - Phishing, Other

Hacker Combat
August 11th, 2018
  • Ramsey County detected suspicious activity within the network
  • Implemented security measures for all employee accounts
  • Email cyber attack compromised 30 employee email accounts of 4,000 targeted employees
Read More

 
Hennepin County Government Employees, Hennepin County

Breach Type - Phishing, Data Breach

Star Tribune
August 9th, 2018
  • 20 Hennepin County employees fall victim to phishing scheme
  • Phishing e-mails disguised as pay-raise notifications
  • County customer data potentially exposed
  • Hennepin County consists of 9,500 employees, blocking spam emails every quarter
Read More

 
Becker County

Breach Type - Ransomware

Echo Press
August 16th, 2017
  • Virus took down website, disabled printers, was slowly corrupting IT networks
  • County has uncontaminated server, where files were backed up the night before the attack
  • Board members being advised against opening files from Becker County to avoid further contamination
  • Email systems also hacked, hackers sending out insulting emails on behalf of county
Read More

 
Sterns County

Breach Type - Hack

USA Today
July 4th, 2017
  • Part of Islamic Union test hacks of government websites
  • Hackers claim they were testing government websites, not attacking
  • Sterns county does not know cause of the hack
Read More

 
Minnesota State Government Database

Breach Type - Hacking, Data Breach

FOX 9
June 20th, 2017
  • Minnesota State Government Database hacked by activist protecting fatal shooting of Philando Castile
  • Hacker allegedly stole a list of 1,400 email addresses and passwords
  • Hacker claimed they could impersonate Minnesota government officials or state employees with the information obtained
Read More

 
Crow Wing County Board

Breach Type - Ransomware

Brainerd Dispatch
September 29th, 2016
  • Well timed file backup saved county from paying ransom
  • Backup server unaffected by ransomware attack
  • County is working on ways to improve firewall
Read More

 
City of Wadena

Breach Type - Ransomware

Wadena Pioneer Journal
July 29th, 2016
  • Virus hits city hall computers
  • Caused several files to be lost
  • Virus turned out to be ransomware, locking multiple files
  • No data breach of private information has been found
Read More

 
Prior Lake City Hall

Breach Type - Hack

Prior Lake American
June 16th, 2016
  • Computer virus struck HVAC system
  • No evidence of data breach of personal information
  • Cost the city between $10,000 & $15,000 to fix issues
  • Majority of the computers were cleaned, some files lost
  • Virus mimicked ransomware, Cryptolocker, but lacked similar characteristics
Read More

 
BACK TO TOP

Medical

Apple Valley Clinic, Dakota County

Breach Type – Unknown, Data Breach

Becker's Hospital Review
March 31st, 2021
  • Vendor Netgain suffered a ransomware attack in which patient data was compromised
  • Data that was compromised includes names, birthdates, SSNs, bank account numbers, bank routing numbers, patient billing information, and medical information
  • Free identity theft protection is being offered to anyone whose data was compromised
Read More

 
Lake Regional Healthcare, Otter Tail County

Breach Type – Unknown, Ransomware

Becker's Hospital Review
January 4th, 2021
  • A ransomware attack affected the healthcare center disrupting its computer systems
  • The activity was noticed on Dec. 22nd and prompted investigations
  • The CEO stated that many impacted systems have been restored and operations are continuing as normal
Read More

 
South Country Health Alliance, Steele County

Breach Type – Phishing, Data Breach

Becker's Hospital Review
January 13th, 2021
  • Members of the South County Health Alliance were notified of a potential exposure of private information
  • Bad actors were able to gain access to the account on June 25th
  • Over 60,000 members were exposed through the account including social security, names and more
Read More

 
University of Minnesota Physicians, Hennepin County

Breach Type – Phishing, Data Breach

Becker’s Hospital Review
December 1st, 2020
  • It was discovered that two accounts were hacked on January 30th to 31st and February 4th
  • Bad actors had access to email accounts for short period of time
  • The organization was not able to determine what information was accessed or potentially exposed during cyber attack
Read More

 
UCare Minnesota, Hennepin County

Breach Type – Phishing, Data Breach

Becker’s Hospital Review
September 29th, 2020
  • Health system was able to identify unusual network traffic on private systems
  • Investigations led to the discovery of the bad actor gaining access to employee email accounts
  • The breach may have exposed over 4000 patients and their information
Read More

 
Children's Minnesota and Allina Health, Hennepin County

Breach Type – Unknown, Data Breach

StarTribune
September 16th, 2020
  • More than 360,000 patients received notice that healthcare providers were hit in cyberattack
  • Leaked information included pediatric patient's names, dates of birth, and insurance information among others
  • Officials believed that dates of care and names of doctors were also leaked
Read More

 
Mille Lacs Health System, Mille Lacs County

Breach Type – Phishing, Data Breach

Becker's Health IT
May 19th, 2020
  • Numerous employees were victim of email phishing scheme
  • Over 10,000 patient's information was accessed by bad actors
  • Names, dates of birth, other medical information accessed
Read More

 
Alomere Health, Douglas County

Breach Type – Phishing, Data Breach

Becker’s Hospital Review
January 7th, 2020
  • Hospital investigated phishing cyberattack
  • Bad actor gained access to employee email
  • Names, addresses, birthdates, and other medical information likely stolen
Read More

 
Southeastern Minnesota Oral & Maxillofacial Surgery, Mower County

Breach Type – Unknown, Ransomware

Data Breaches
December 5th, 2019
  • Minnesota medical center was victim of ransomware cyberattack
  • Officials unable to determine extent of breach
  • Medical center mailed letters to likely impacted patients
Read More

 
Bayview Dental, Chisago County

Breach Type – Hacking, Data Breach

Data Breaches
August 15th, 2019
  • Bayview was subject to a cyber attack potentially exposing private sensitive information
  • As investigations are going on in a precautionary effort Bayview dental had gave notice to potentially exposed customers
  • 12 months of credit monitoring had been offered for those affected by this attack
Read More

 
Riverplace Counseling Center, Anoka County

Breach Type - Unknown, Malware

Data Breaches
April 18th, 2019
  • The center had noticed that they were a victim of an attack on January 20th
  • A Technology firm had come to the aid of the Counseling center to remove malware and restore the systems to the backups
  • It could not be verified if patient information had been exposed due to the attack
Read More

 
Reproductive Medicine and Infertility Associates, Washington County

Breach Type - Malware

Twin Cities
February 1st, 2019
  • Clinic was target of malware attack with unknown source
  • Sensitive personal information has been exposed
  • Forensic experts offered no answers on origin of attack
Read More

 
Associates in Psychiatry and Psychology, Olmsted Co.

Breach Type - Ransomware

DataBreaches
May 24th, 2018
  • Ransomware attack encrypted practice files in late March
  • Ransomware variant known as "TripleM"
  • Hackers demanded 4 Bitcoin as ransom from practice
  • Practice negotiated down to .5 Bitcoin & paid hackers to decrypt files
Read More

 
Edina Fertility Clinic

Breach Type - Ransomware

Minnesota CBS Local
December 5th, 2017
  • Patients potentially affected in ransomware attack
  • Hackers could have accessed private information when installing malware
  • Edina notified patients of data security incident
Read More

 
Blaine Chiropractic Center

Breach Type - Phishing

Data Breaches
July 31st, 2016
  • Hacker installs malware using a hidden administrator account
  • The hidden account was created by a third-party software vendor
  • It is not known if sensitive patient information was exposed/misused
  • Blaine Chiropractic offering credit monitoring to those potentially impacted
Read More

 
BACK TO TOP

Education

District 518 is investigating whether data was compromised when an employee's email account was hacked, Nobles County

Breach Type –Hacking, Data Breach

Yahoo News
March 8th, 2022
  • "A District 518 employee's email was hacked and an investigation is underway to determine whether any data was compromised."
  • “Preliminary indications were that the hackers seemed to have used the hacked email account to send more emails out rather than taking any data from it."
  • “It was also unclear on Monday how many students' data or what type of data might have been involved."
Read More

 
ISD 2142, St. Louis County

Breach Type – Phishing, Data Breach

The Timberjay
February 17th, 2021
  • Bad actor used fraudulent email address to obtain 677 employees' W-2 forms
  • Private information such as names, Social Security numbers, likely compromised
  • Employees were given links to IRS identity theft website
Read More

 
Duluth School District, St. Louis County

Breach Type – Data Breach, Unknown

WDIO
June 4th, 2020
  • Duluth has released a public statement regarding the breach stating a student originally noticed the problem
  • Investigations show 14 various accounts were compromised and being accessed by a 3rd party
  • No suspicious activity has been seen on these accounts as they continue to be monitored
Read More

 
Blue Earth Area Senior High School, Faribault County

Breach Type – Hacking, Other

Data Breaches
October 9th, 2019
  • Area school hit with cyberattack, school forced to replace computers
  • Bad actors destroyed computer controls for gymnasium humidity
  • In addition to computers, school likely will be forced to replace gym floor
Read More

 
Park Rapids Area Schools, Hubbard County

Breach Type - Unknown, Ransomware

Park Rapids Enterprise
March 2nd, 2018
  • Park Rapids Schools victim of virus attack
  • Network administrator worked to rebuild server files from backups
  • Data restored from backups, no data lost
Read More

 
Cloquet School District, Carlton County

Breach Type - Ransomware

Pine Journal
December 4th, 2017
  • Cloquet School District targeted in ransomware attack
  • Virus encrypted files on all servers, including network shared drives
  • No data exfiltrated by hackers
  • District will use cyber insurance to cover the costs
Read More

 
Proctor Schools

Breach Type - Hack

Duluth News Tribune
December 4th, 2017
  • Employee opened malicious phishing email which launched ransomware on Proctor school system
  • Student data and payroll information unaffected in attack
  • District will not pay ransom
  • Hiring cyber forensic data company to combat hacker
Read More

 
Bloomington School

Breach Type - Phishing

MPR News
February 11th, 2017
  • Bloomington employee falls victim to W-2 spear phishing scheme
  • Employees' personal and financial information at risk
  • Breach affected several thousand employees
  • School District offering one year of identity protection to those potentially affected
Read More

 
BACK TO TOP