Metropolitan Council of the Twin Cities Company CyberSecurity Posture
metrocouncil.org
The Metropolitan Council is the regional planning organization in the seven-county Twin Cities metropolitan area. We run the regional bus and light-rail system and Northstar commuter rail, collect and treat wastewater, coordinate regional water resources, plan regional parks, and administer funds that provide housing opportunities for low- and moderate-income families. Our board is appointed by and serves at the pleasure of the Governor.
Company Details
metropolitan-council-of-the-twin-cities
1,228
13,100
92
metrocouncil.org
0
MET_8348811
In-progress
MCTC Risk Score (AI oriented)Between 700 and 749
MCTC Global Score (TPRM)XXXX
Description: The Maine Office of the Attorney General reported a data breach involving the Metropolitan Council on December 6, 2024. The breach occurred between March 27, 2024, and May 27, 2024, affecting 16,935 individuals, including 14 residents of Maine. The compromised information potentially included names, addresses, phone numbers, and social security numbers. The organization is offering 12 months of credit monitoring through IDX.
No incidents recorded for Metropolitan Council of the Twin Cities in 2025.
No incidents recorded for Metropolitan Council of the Twin Cities in 2025.
No incidents recorded for Metropolitan Council of the Twin Cities in 2025.
MCTC cyber incidents detection timeline including parent company and subsidiaries
The Metropolitan Council is the regional planning organization in the seven-county Twin Cities metropolitan area. We run the regional bus and light-rail system and Northstar commuter rail, collect and treat wastewater, coordinate regional water resources, plan regional parks, and administer funds that provide housing opportunities for low- and moderate-income families. Our board is appointed by and serves at the pleasure of the Governor.
The OFFICIAL careers page for the South Australian Government. The South Australian Public Sector is the State's largest workforce. We are an employer of choice that reflects the diverse community we serve. Our people are from a range of backgrounds and vocations, from entry level, mid-career and
Official LinkedIn page for the state of Oregon. Oregon is a state in the Pacific Northwest region of the United States. It is located on the Pacific coast, with Washington to the north, California to the south, Nevada on the southeast and Idaho to the east. The Columbia and Snake rivers delineate mu
Welcome to the official WA Government page where you can stay up to date on the latest information about Western Australia and WA government initiatives. Questions relating to a specific activity within the WA Government should be referred to the relevant Department or Minister’s Office for a re
Rijkswaterstaat is de uitvoeringsorganisatie van het Ministerie van Infrastructuur en Waterstaat. We beheren en ontwikkelen de rijkswegen, -vaarwegen en –wateren en zetten in op een duurzame leefomgeving. Samen met andere organisaties werken we aan een land dat beschermd is tegen overstromingen. Wa
Build the Missouri of tomorrow. Ensure a strong foundation today. Join a group of innovative team members focused on driving the State of Missouri forward. As public servants, our team members have the opportunity to produce work that is both lasting and important. This work serves to protect famil
Help us achieve world-class education, training and care for everyone, whatever their background. Whether you're just starting out, or an experienced professional, we have what you are looking for. Jobs include administration, policy advisers, digital, finance, commercial specialists and many more
For more information about GAO, please visit www.gao.gov. General Information The U.S. Government Accountability Office (GAO) is an independent, nonpartisan agency that works for Congress. Often called the "congressional watchdog," GAO investigates how the federal government spends taxpayer dolla
Our mission is to promote student achievement and preparation for global competitiveness by fostering educational excellence and ensuring equal access. ED is dedicated to: • Establishing policies on federal financial aid for education, and distributing as well as monitoring those funds. • Collect
The Transportation Security Administration (TSA) is a component agency of the U.S. Department of Homeland Security (DHS), committed to securing the nation’s transportation systems to ensure safe and efficient travel for all. Our mission is to protect the American people by preventing threats and dis
.png)
In light of St. Paul's recent cyberattack, we asked the MN Cyber Institute's executive director to explain where systems fail.
A cyberattack has targeted the North St. Paul Police Department, according to city officials. On Monday, the North St. Paul City Council...
Plus: Duluth school district facing uncertainty over federal funding; More convictions in the Feeding Our Future fraud scheme; and more.
For the first time, a team of Minnesota cybersecurity experts with military chops was deployed in response to a state cybersecurity breach.
It grants the mayor added time to oversee a coordinated response to a sophisticated cyberattack.
The chair of the Metropolitan Council will retire in early September, Gov. Tim Walz and Lt. Gov. Penny Flanagan announced on Tuesday.
In 2025, St. Paul's tech sector supports over 380,000 jobs, contributing $31 billion annually, with median tech salaries around $105K and...
The state's new LGBTQ council wants to hear from community members as they pick their priorities. They say data is more important than ever...
Did you receive a data breach notice from Metropolitan Council? You may be able to recover money for any harm. Explore your legal options.
Explore insights on cybersecurity incidents, risk posture, and Rankiteo's assessments.
The official website of Metropolitan Council of the Twin Cities is http://www.metrocouncil.org.
According to Rankiteo, Metropolitan Council of the Twin Cities’s AI-generated cybersecurity score is 701, reflecting their Moderate security posture.
According to Rankiteo, Metropolitan Council of the Twin Cities currently holds 0 security badges, indicating that no recognized compliance certifications are currently verified for the organization.
According to Rankiteo, Metropolitan Council of the Twin Cities is not certified under SOC 2 Type 1.
According to Rankiteo, Metropolitan Council of the Twin Cities does not hold a SOC 2 Type 2 certification.
According to Rankiteo, Metropolitan Council of the Twin Cities is not listed as GDPR compliant.
According to Rankiteo, Metropolitan Council of the Twin Cities does not currently maintain PCI DSS compliance.
According to Rankiteo, Metropolitan Council of the Twin Cities is not compliant with HIPAA regulations.
According to Rankiteo,Metropolitan Council of the Twin Cities is not certified under ISO 27001, indicating the absence of a formally recognized information security management framework.
Metropolitan Council of the Twin Cities operates primarily in the Government Administration industry.
Metropolitan Council of the Twin Cities employs approximately 1,228 people worldwide.
Metropolitan Council of the Twin Cities presently has no subsidiaries across any sectors.
Metropolitan Council of the Twin Cities’s official LinkedIn profile has approximately 13,100 followers.
Metropolitan Council of the Twin Cities is classified under the NAICS code 92, which corresponds to Public Administration.
No, Metropolitan Council of the Twin Cities does not have a profile on Crunchbase.
Yes, Metropolitan Council of the Twin Cities maintains an official LinkedIn profile, which is actively utilized for branding and talent engagement, which can be accessed here: https://www.linkedin.com/company/metropolitan-council-of-the-twin-cities.
As of December 03, 2025, Rankiteo reports that Metropolitan Council of the Twin Cities has experienced 1 cybersecurity incidents.
Metropolitan Council of the Twin Cities has an estimated 11,269 peer or competitor companies worldwide.
Incident Types: The types of cybersecurity incidents that have occurred include Breach.
Title: Data Breach at Metropolitan Council
Description: The Maine Office of the Attorney General reported a data breach involving the Metropolitan Council on December 6, 2024. The breach occurred between March 27, 2024, and May 27, 2024, affecting 16,935 individuals, including 14 residents of Maine. The compromised information potentially included names, addresses, phone numbers, and social security numbers, and the organization is offering 12 months of credit monitoring through IDX.
Date Detected: 2024-12-06
Date Publicly Disclosed: 2024-12-06
Type: Data Breach
Common Attack Types: The most common types of attacks the company has faced is Breach.
Data Compromised: Names, Addresses, Phone numbers, Social security numbers
Commonly Compromised Data Types: The types of data most commonly compromised in incidents are Names, Addresses, Phone Numbers, Social Security Numbers and .
Entity Name: Metropolitan Council
Entity Type: Government
Industry: Public Administration
Customers Affected: 16935
Type of Data Compromised: Names, Addresses, Phone numbers, Social security numbers
Number of Records Exposed: 16935
Sensitivity of Data: High
Source: Maine Office of the Attorney General
Date Accessed: 2024-12-06
Additional Resources: Stakeholders can find additional resources on cybersecurity best practices at and Source: Maine Office of the Attorney GeneralDate Accessed: 2024-12-06.
Most Recent Incident Detected: The most recent incident detected was on 2024-12-06.
Most Recent Incident Publicly Disclosed: The most recent incident publicly disclosed was on 2024-12-06.
Most Significant Data Compromised: The most significant data compromised in an incident were names, addresses, phone numbers, social security numbers and .
Most Sensitive Data Compromised: The most sensitive data compromised in a breach were names, social security numbers, addresses and phone numbers.
Number of Records Exposed in Most Significant Breach: The number of records exposed in the most significant breach was 204.0.
Most Recent Source: The most recent source of information about an incident is Maine Office of the Attorney General.
.png)
vLLM is an inference and serving engine for large language models (LLMs). Prior to 0.11.1, vllm has a critical remote code execution vector in a config class named Nemotron_Nano_VL_Config. When vllm loads a model config that contains an auto_map entry, the config class resolves that mapping with get_class_from_dynamic_module(...) and immediately instantiates the returned class. This fetches and executes Python from the remote repository referenced in the auto_map string. Crucially, this happens even when the caller explicitly sets trust_remote_code=False in vllm.transformers_utils.config.get_config. In practice, an attacker can publish a benign-looking frontend repo whose config.json points via auto_map to a separate malicious backend repo; loading the frontend will silently run the backend’s code on the victim host. This vulnerability is fixed in 0.11.1.
fastify-reply-from is a Fastify plugin to forward the current HTTP request to another server. Prior to 12.5.0, by crafting a malicious URL, an attacker could access routes that are not allowed, even though the reply.from is defined for specific routes in @fastify/reply-from. This vulnerability is fixed in 12.5.0.
Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to 21.0.2, 20.3.15, and 19.2.17, A Stored Cross-Site Scripting (XSS) vulnerability has been identified in the Angular Template Compiler. It occurs because the compiler's internal security schema is incomplete, allowing attackers to bypass Angular's built-in security sanitization. Specifically, the schema fails to classify certain URL-holding attributes (e.g., those that could contain javascript: URLs) as requiring strict URL security, enabling the injection of malicious scripts. This vulnerability is fixed in 21.0.2, 20.3.15, and 19.2.17.
Gin-vue-admin is a backstage management system based on vue and gin. In 2.8.6 and earlier, attackers can delete any file on the server at will, causing damage or unavailability of server resources. Attackers can control the 'FileMd5' parameter to delete any file and folder.
Portkey.ai Gateway is a blazing fast AI Gateway with integrated guardrails. Prior to 1.14.0, the gateway determined the destination baseURL by prioritizing the value in the x-portkey-custom-host request header. The proxy route then appends the client-specified path to perform an external fetch. This can be maliciously used by users for SSRF attacks. This vulnerability is fixed in 1.14.0.
Get company history
Every week, Rankiteo analyzes billions of signals to give organizations a sharper, faster view of emerging risks. With deeper, more actionable intelligence at their fingertips, security teams can outpace threat actors, respond instantly to Zero-Day attacks, and dramatically shrink their risk exposure window.
Identify exposed access points, detect misconfigured SSL certificates, and uncover vulnerabilities across the network infrastructure.
Gain visibility into the software components used within an organization to detect vulnerabilities, manage risk, and ensure supply chain security.
Monitor and manage all IT assets and their configurations to ensure accurate, real-time visibility across the company's technology environment.
Leverage real-time insights on active threats, malware campaigns, and emerging vulnerabilities to proactively defend against evolving cyberattacks.
Rapid