
The Minnesota Department of Human Services (DHS) helps provide essential services to Minnesota’s most vulnerable residents. Working with many others, including counties, tribes and non-profits, DHS helps ensure that Minnesota seniors, people with disabilities, children and others meet their basic needs and have the opportunity to reach their full potential. DHS employs a highly talented and dedicated workforce committed to providing services that produce positive outcomes for clients in a cost-effective manner. Employees have an opportunity to make a difference in the lives of Minnesotans every day. Be a part of a growing team of talented professionals!

Career opportunities at DHS: Public policy analysts; Human Service Technicians (Direct Care); Administrative and executive assistants; Accountants and auditors; Budget and business analysts; Doctors and pharmacists; Mental Health Professional; Educators; Human Resources; Licensed Alcohol & Drug Counselor; Nurses and nursing assistants; Physical therapists; Rehabilitation therapists; Researchers, planners and data analysts; Social workers; Attorneys; Health care administrators; Eligibility and benefits representatives; Interns and fellows.

Minnesota Department of Human Services A.I CyberSecurity Scoring

MDHS

Company Details

LinkedIn ID: minnesota-department-of-human-services

Employees number: 1,925

Number of followers: 32,942

NAICS: 92

Industry Type: Government Administration

Homepage: mn.gov

IP Addresses: 0

Company ID: MIN_3087173

Scan Status: In-progress

MDHS Risk Score (AI oriented)

Between 700 and 749

  • Powered by our proprietary A.I cyber incident model
  • Insurers prefer the TPRM score to calculate premiums
MDHS Global Score (TPRM)

XXXX

  • Instant access to detailed risk factors
  • Benchmark vs. industry & size peers
  • Vulnerabilities
  • Findings

MDHS Company CyberSecurity News & History

Past Incidents: 3
Attack Types: 3
Minnesota Department of Human Services
Breach
Severity: 85
Impact: 4
Seen: 03/2018
Rankiteo Explanation
Attack with significant impact with customers data leaks

Description: Minnesota Department of Human Services suffered a data breach through an employee’s e-mail account. The attack exposed the personal information of about 11,000 people. The hackers were immediately detected and the servers were secured.

Minnesota Department of Human Services
Data Leak
Severity: 60
Impact: 4
Seen: 11/2022
Rankiteo Explanation
Attack with significant impact with customers data leaks

Description: Minnesota Department of Human Services (DHS) suffered a data breach incident after a DHS employee accidentally emailed the parent billing statements of 4,307 individuals involved in the program. The billing statements included first and last names, addresses, DHS-generated billing account numbers, and parental fee account activity. DHS implemented new procedures to address the error that led to the incident, and communicated these procedure changes to staff.

Minnesota Department of Human Services (DHS)
Vulnerability
Severity: 85
Impact: 4
Seen: 6/2020
Rankiteo Explanation
Attack with significant impact with customers data leaks

Description: The Minnesota Department of Human Services (DHS) failed to conduct mandatory security reviews of its Supplemental Nutrition Assistance Program (SNAP) computer system in **2020 and 2023**, as revealed by federal audits. This system stores highly sensitive personal data of over **440,000 SNAP beneficiaries**, including private financial and identification details. The omission of these reviews was attributed to **resource constraints**, leaving the system vulnerable to **undetected security gaps, breaches, or fraud risks**. While the agency claimed compliance in **March 2024** under the new oversight of the Department of Children, Youth and Families (DCYF), beneficiaries expressed deep concerns over **data privacy and trust erosion** in public assistance programs. The exposed vulnerabilities could enable unauthorized access to confidential records, potentially leading to **identity theft, financial fraud, or misuse of personal information**. The audits explicitly warned that such negligence **heightens the likelihood of a breach**, though no confirmed incident was reported. The failure underscores systemic weaknesses in safeguarding critical welfare infrastructure, risking long-term reputational and operational damage.


Underwriter Stats for MDHS

Incidents vs Government Administration Industry Average (This Year)

No incidents recorded for Minnesota Department of Human Services in 2025.

Incidents vs All-Companies Average (This Year)

No incidents recorded for Minnesota Department of Human Services in 2025.

Incident Types MDHS vs Government Administration Industry Avg (This Year)

No incidents recorded for Minnesota Department of Human Services in 2025.

Incident History — MDHS (X = Date, Y = Severity)

MDHS cyber incidents detection timeline including parent company and subsidiaries


MDHS Similar Companies

Internal Revenue Service

Welcome to the Internal Revenue Service’s official LinkedIn account. Here, you will find the latest and greatest news and updates for taxpayers to help them understand and meet their tax responsibilities. Also, this is a place to learn about a meaningful career with the IRS. Check out the tabs above

Region Midtjylland

Region Midtjylland's goal is to create health, well-being, growth and prosperity for the region's 1.3 million citizens. We are approximately 30,000 colleagues who share the task of ensuring coherence and continuity for patients, users and citizens in the region. This ranges from offering the best treatment here and now to

Department for Education

Help us achieve world-class education, training and care for everyone, whatever their background. Whether you're just starting out, or an experienced professional, we have what you are looking for. Jobs include administration, policy advisers, digital, finance, commercial specialists and many more

State of California

Californians deserve a government that works for them and with them. One that will work to ensure opportunity and justice. We are building a California not for the few, but for all — including those who have historically been left out. We are doing the work to make our state a place for every Cali

European Commission

The Commission represents and upholds the interests of the EU as a whole, and is independent of national governments. The European Commission prepares legislation for adoption by the Council (representing the member countries) and the Parliament (representing the citizens). It administers the budge

Welcome to the official LinkedIn page for the Federal Emergency Management Agency (FEMA). When disaster strikes, America looks to FEMA to support survivors and first responders in communities all across the country. This page provides career related information, job announcements and relevant updat

Vlaamse overheid

At the Vlaamse overheid you give the best of yourself every day, in a job that makes a difference in society. Recently graduated, or already have several years of professional experience behind you? Looking for a job as a labourer, clerk, manager, administrative employee, enginee

City of Philadelphia

With a workforce of 30,000 people, and opportunities in 1,000 different job categories, the City of Philadelphia is one of the largest employers in Southeastern Pennsylvania. As an employer, we operate through the guiding principles of service, integrity, respect, accountability, collaboration, dive

US Government Accountability Office

For more information about GAO, please visit www.gao.gov. General Information The U.S. Government Accountability Office (GAO) is an independent, nonpartisan agency that works for Congress. Often called the "congressional watchdog,"​ GAO investigates how the federal government spends taxpayer dolla


MDHS CyberSecurity News

November 25, 2025 09:21 PM
Working for ICE

Career paths in management, information technology, law, mission support, public affairs and community outreach are available within the agency.

November 17, 2025 08:00 AM
Nebraska AG’s Lawsuit Against Change Healthcare Survives Motion to Dismiss

A lawsuit filed by Nebraska Attorney General Mike Hilgers over the 2024 Change Healthcare data breach has been allowed to proceed after...

October 31, 2025 06:15 PM
Minnesota ends housing aid program due to widespread fraud

ST. PAUL, Minn. — The State of Minnesota's Medical Assistance Housing Stabilization Services program has officially ended due to widespread...

October 26, 2025 07:00 AM
Healthcare Data Breach Statistics

The HIPAA Journal has compiled healthcare data breach statistics from October 2009, when the Department of Health and Human Services (HHS)...

October 08, 2025 07:00 AM
Homeland Security Cyber Personnel Reassigned to Jobs in Trump’s Deportation Push

The US Department of Homeland Security has shifted hundreds of national security specialists, including cyber personnel, into jobs that...

September 09, 2025 07:00 AM
St. Paul, Minn., Proposes $1M Cyber Boost After Cyber Attack

A month after a ransomware attack hit Minnesota's capital city, Mayor Melvin Carter is proposing a $1 million cyber investment.

August 30, 2025 07:00 AM
DHS to offer $110M to faith-based organizations for security upgrades after Minnesota shooting

The Department of Homeland Security will allot $110 million to more than 600 faith-based organizations and nonprofits for security...

August 29, 2025 07:00 AM
St. Paul, Minn., Systems Come Back Online After Cyber Attack

The city is gradually restoring online services after a ransomware attack in July interrupted them. Phone service, online water bill...

August 21, 2025 07:00 AM
Mower County in Minnesota Confirms HIPAA-Data Compromised in June Ransomware Attack

Data breaches have recently been announced by Mower County in Minnesota, Seasons Living in Oregon, Dr. Doug's Pediatric Dentistry in Utah,...


Frequently Asked Questions

Explore insights on cybersecurity incidents, risk posture, and Rankiteo's assessments.

MDHS CyberSecurity History Information

Official Website of Minnesota Department of Human Services

The official website of Minnesota Department of Human Services is http://mn.gov/dhs.

Minnesota Department of Human Services’s AI-Generated Cybersecurity Score

According to Rankiteo, Minnesota Department of Human Services’s AI-generated cybersecurity score is 708, reflecting their Moderate security posture.

How many security badges does Minnesota Department of Human Services have ?

According to Rankiteo, Minnesota Department of Human Services currently holds 0 security badges, indicating that no recognized compliance certifications are currently verified for the organization.

Does Minnesota Department of Human Services have SOC 2 Type 1 certification ?

According to Rankiteo, Minnesota Department of Human Services is not certified under SOC 2 Type 1.

Does Minnesota Department of Human Services have SOC 2 Type 2 certification ?

According to Rankiteo, Minnesota Department of Human Services does not hold a SOC 2 Type 2 certification.

Does Minnesota Department of Human Services comply with GDPR ?

According to Rankiteo, Minnesota Department of Human Services is not listed as GDPR compliant.

Does Minnesota Department of Human Services have PCI DSS certification ?

According to Rankiteo, Minnesota Department of Human Services does not currently maintain PCI DSS compliance.

Does Minnesota Department of Human Services comply with HIPAA ?

According to Rankiteo, Minnesota Department of Human Services is not compliant with HIPAA regulations.

Does Minnesota Department of Human Services have ISO 27001 certification ?

According to Rankiteo, Minnesota Department of Human Services is not certified under ISO 27001, indicating the absence of a formally recognized information security management framework.

Industry Classification of Minnesota Department of Human Services

Minnesota Department of Human Services operates primarily in the Government Administration industry.

Number of Employees at Minnesota Department of Human Services

Minnesota Department of Human Services employs approximately 1,925 people worldwide.

Subsidiaries Owned by Minnesota Department of Human Services

Minnesota Department of Human Services presently has no subsidiaries across any sectors.

Minnesota Department of Human Services’s LinkedIn Followers

Minnesota Department of Human Services’s official LinkedIn profile has approximately 32,942 followers.

NAICS Classification of Minnesota Department of Human Services

Minnesota Department of Human Services is classified under the NAICS code 92, which corresponds to Public Administration.

Minnesota Department of Human Services’s Presence on Crunchbase

No, Minnesota Department of Human Services does not have a profile on Crunchbase.

Minnesota Department of Human Services’s Presence on LinkedIn

Yes, Minnesota Department of Human Services maintains an official LinkedIn profile, which is actively used for branding and talent engagement and can be accessed here: https://www.linkedin.com/company/minnesota-department-of-human-services.

Cybersecurity Incidents Involving Minnesota Department of Human Services

As of December 03, 2025, Rankiteo reports that Minnesota Department of Human Services has experienced 3 cybersecurity incidents.

Number of Peer and Competitor Companies

Minnesota Department of Human Services has an estimated 11,271 peer or competitor companies worldwide.

What types of cybersecurity incidents have occurred at Minnesota Department of Human Services ?

Incident Types: The types of cybersecurity incidents that have occurred include Vulnerability, Data Leak and Breach.

How does Minnesota Department of Human Services detect and respond to cybersecurity incidents ?

Detection and Response: The company detects and responds to cybersecurity incidents through containment measures (secured servers); remediation measures (implemented new procedures to address the error, communicated procedure changes to staff, security plan review and certification in March 2024, ongoing certification process for 2025); and a communication strategy (public statements by DCYF Commissioner Tikki Brown, media coverage via 5 INVESTIGATES).

Incident Details

Can you provide details on each incident ?

Incident : Data Breach

Title: Minnesota Department of Human Services Data Breach

Description: Minnesota Department of Human Services suffered a data breach through an employee’s e-mail account. The attack exposed the personal information of about 11,000 people. The hackers were immediately detected and the servers were secured.

Type: Data Breach

Attack Vector: Email Compromise

Vulnerability Exploited: Compromised Email Account

Incident : Data Breach

Title: Minnesota DHS Data Breach

Description: Minnesota Department of Human Services (DHS) suffered a data breach incident after a DHS employee accidentally emailed the parent billing statements of 4,307 individuals involved in the program. The billing statements included first and last names, addresses, DHS-generated billing account numbers, and parental fee account activity.

Type: Data Breach

Attack Vector: Human Error

Vulnerability Exploited: Human Error

Incident : Security Oversight

Title: Lack of Security Reviews Left Minnesota SNAP System Vulnerable to Breaches and Fraud

Description: The Minnesota Department of Human Services (DHS) failed to perform required security reviews of the computer system critical to the Supplemental Nutrition Assistance Program (SNAP) in 2020 and 2023. This oversight, attributed to a lack of resources, left the system—containing personal data of over 440,000 Minnesotans—vulnerable to potential breaches or fraud. The system determines eligibility for SNAP benefits and holds sensitive personal information. Audits warned that undetected security gaps could increase risks. The issue was addressed in 2024 by the newly formed Department of Children, Youth and Families (DCYF), which certified its security plan in March 2024 and is preparing for 2025 certification. Public trust in the program has been impacted, with beneficiaries expressing concerns over the security of their sensitive data.

Date Publicly Disclosed: 2024-09-16

Type: Security Oversight

Vulnerability Exploited: Lack of Security Reviews, Unpatched Security Gaps, Resource Constraints in DHS

What are the most common types of attacks the company has faced ?

Common Attack Types: The most common types of attacks the company has faced is Breach.

How does the company identify the attack vectors used in incidents ?

Identification of Attack Vectors: The company identifies the attack vectors used in incidents through Compromised Email Account.

Impact of the Incidents

What was the impact of each incident ?

Incident : Data Breach MIN21149222

Data Compromised: Personal information

Systems Affected: Email Servers

Incident : Data Breach MIN164122123

Data Compromised: First and last names, Addresses, DHS-generated billing account numbers, Parental fee account activity

Incident : Security Oversight MIN3124431112425

Systems Affected: SNAP Eligibility Determination System

Operational Impact: Increased Risk of Breaches, Potential Fraud, Erosion of Public Trust

Customer Complaints: Concerns from SNAP Beneficiaries Over Data Security

Brand Reputation Impact: Loss of Trust in Public Assistance Programs

Identity Theft Risk: Potential Risk Due to Unsecured Personal Data

What types of data are most commonly compromised in incidents ?

Commonly Compromised Data Types: The types of data most commonly compromised in incidents are Personal Information and Account Information.

Which entities were affected by each incident ?

Incident : Data Breach MIN21149222

Entity Name: Minnesota Department of Human Services

Entity Type: Government Agency

Industry: Public Administration

Location: Minnesota, USA

Customers Affected: 11000

Incident : Data Breach MIN164122123

Entity Name: Minnesota Department of Human Services

Entity Type: Government Agency

Industry: Public Sector

Location: Minnesota, USA

Customers Affected: 4307

Incident : Security Oversight MIN3124431112425

Entity Name: Minnesota Department of Human Services (DHS)

Entity Type: Government Agency

Industry: Public Welfare

Location: Minnesota, USA

Customers Affected: 440,000+ (SNAP Beneficiaries)

Incident : Security Oversight MIN3124431112425

Entity Name: Minnesota Department of Children, Youth and Families (DCYF)

Entity Type: Government Agency

Industry: Public Welfare

Location: Minnesota, USA

Customers Affected: 440,000+ (SNAP Beneficiaries)

Response to the Incidents

What measures were taken in response to each incident ?

Incident : Data Breach MIN21149222

Containment Measures: Secured Servers

Incident : Data Breach MIN164122123

Remediation Measures: Implemented new procedures to address the error, Communicated procedure changes to staff

Incident : Security Oversight MIN3124431112425

Remediation Measures: Security Plan Review and Certification (March 2024), Ongoing Certification Process for 2025

Communication Strategy: Public Statements by DCYF Commissioner Tikki Brown, Media Coverage via 5 INVESTIGATES

Data Breach Information

What type of data was compromised in each breach ?

Incident : Data Breach MIN21149222

Type of Data Compromised: Personal Information

Number of Records Exposed: 11000

Incident : Data Breach MIN164122123

Type of Data Compromised: Personal information, Account information

Number of Records Exposed: 4307

Sensitivity of Data: Medium

Personally Identifiable Information: First and last names, addresses

Incident : Security Oversight MIN3124431112425

Sensitivity of Data: Personal Data of SNAP Beneficiaries (High)

Personally Identifiable Information: Potential Exposure (Names, Addresses, Financial Data, etc.)

What measures does the company take to prevent data exfiltration ?

Prevention of Data Exfiltration: The company takes the following measures to prevent data exfiltration: Implemented new procedures to address the error, Communicated procedure changes to staff, Security Plan Review and Certification (March 2024), Ongoing Certification Process for 2025.

How does the company handle incidents involving personally identifiable information (PII) ?

Handling of PII Incidents: The company handles incidents involving personally identifiable information (PII) through secured servers.

Regulatory Compliance

Were there any regulatory violations and fines imposed for each incident ?

Incident : Security Oversight MIN3124431112425

Regulations Violated: Federal Single Audit Requirements for Information System Security Reviews

Lessons Learned and Recommendations

What lessons were learned from each incident ?

Incident : Security Oversight MIN3124431112425

Lessons Learned: Regular security reviews and resource allocation are critical to preventing vulnerabilities in systems handling sensitive public welfare data. Delays in compliance can erode public trust and increase risks of fraud or breaches.

What recommendations were made to prevent future incidents ?

Incident : Security Oversight MIN3124431112425

Recommendations: Prioritize and fund mandatory security reviews for systems handling sensitive data; implement continuous monitoring and third-party audits to ensure compliance; enhance transparency with beneficiaries regarding data security measures; allocate dedicated resources for cybersecurity within public welfare agencies.

What are the key lessons learned from past incidents ?

Key Lessons Learned: The key lessons learned from past incidents are Regular security reviews and resource allocation are critical to preventing vulnerabilities in systems handling sensitive public welfare data. Delays in compliance can erode public trust and increase risks of fraud or breaches.

References

Where can I find more information about each incident ?

Incident : Security Oversight MIN3124431112425

Source: 5 INVESTIGATES (KSTP)

URL: https://kstp.com/5-investigates/lack-of-security-reviews-left-minnesota-snap-system-vulnerable-to-breaches-fraud/

Date Accessed: 2024-09-16

Where can stakeholders find additional resources on cybersecurity best practices ?

Additional Resources: Stakeholders can find additional resources on cybersecurity best practices at 5 INVESTIGATES (KSTP): https://kstp.com/5-investigates/lack-of-security-reviews-left-minnesota-snap-system-vulnerable-to-breaches-fraud/ (date accessed: 2024-09-16).

Investigation Status

What is the current status of the investigation for each incident ?

Incident : Security Oversight MIN3124431112425

Investigation Status: Ongoing (Media Investigation by 5 INVESTIGATES; DCYF Claims Remediation Underway)

How does the company communicate the status of incident investigations to stakeholders ?

Communication of Investigation Status: The company communicates the status of incident investigations to stakeholders through Public Statements by DCYF Commissioner Tikki Brown and Media Coverage via 5 INVESTIGATES.

Stakeholder and Customer Advisories

Were there any advisories issued to stakeholders or customers for each incident ?

Incident : Security Oversight MIN3124431112425

Customer Advisories: Public Statements by DCYF Commissioner Addressing Concerns

What advisories does the company provide to stakeholders and customers following an incident ?

Advisories Provided: The company provides the following advisories to stakeholders and customers following an incident: Public Statements by DCYF Commissioner Addressing Concerns.

Initial Access Broker

How did the initial access broker gain entry for each incident ?

Incident : Data Breach MIN21149222

Entry Point: Compromised Email Account

Incident : Security Oversight MIN3124431112425

High Value Targets: SNAP Eligibility System Database

Data Sold on Dark Web: SNAP Eligibility System Database

Post-Incident Analysis

What were the root causes and corrective actions taken for each incident ?

Incident : Data Breach MIN164122123

Root Causes: Human Error

Corrective Actions: Implemented new procedures to address the error, Communicated procedure changes to staff

Incident : Security Oversight MIN3124431112425

Root Causes: Lack of resources in DHS for security reviews, Failure to comply with federal audit requirements, Inadequate oversight of critical public welfare systems

Corrective Actions: Security Plan Certification (March 2024) by DCYF, Ongoing Certification Process for 2025, Media engagement to rebuild public trust

What corrective actions has the company taken based on post-incident analysis ?

Corrective Actions Taken: The company has taken the following corrective actions based on post-incident analysis: Implemented new procedures to address the error, Communicated procedure changes to staff, Security Plan Certification (March 2024) by DCYF, Ongoing Certification Process for 2025, Media engagement to rebuild public trust.

Additional Questions

Incident Details

What was the most recent incident publicly disclosed ?

Most Recent Incident Publicly Disclosed: The most recent incident publicly disclosed was on 2024-09-16.

Impact of the Incidents

What was the most significant data compromised in an incident ?

Most Significant Data Compromised: The most significant data compromised in an incident were Personal Information, first and last names, addresses, DHS-generated billing account numbers and parental fee account activity.

What was the most significant system affected in an incident ?

Most Significant System Affected: The most significant system affected in an incident was Email Servers and SNAP Eligibility Determination System.

Response to the Incidents

What containment measures were taken in the most recent incident ?

Containment Measures in Most Recent Incident: The containment measures taken in the most recent incident was Secured Servers.

Data Breach Information

What was the most sensitive data compromised in a breach ?

Most Sensitive Data Compromised: The most sensitive data compromised in a breach were first and last names, parental fee account activity, Personal Information, addresses and DHS-generated billing account numbers.

What was the number of records exposed in the most significant breach?

Number of Records Exposed in Most Significant Breach: The number of records exposed in the most significant breach was 547.

Lessons Learned and Recommendations

What was the most significant lesson learned from past incidents?

Most Significant Lesson Learned: The most significant lesson learned from past incidents was Regular security reviews and resource allocation are critical to preventing vulnerabilities in systems handling sensitive public welfare data. Delays in compliance can erode public trust and increase risks of fraud or breaches.

What was the most significant recommendation implemented to improve cybersecurity?

Most Significant Recommendation Implemented: The most significant recommendations implemented to improve cybersecurity were: allocate dedicated resources for cybersecurity within public welfare agencies; enhance transparency with beneficiaries regarding data security measures; prioritize and fund mandatory security reviews for systems handling sensitive data; and implement continuous monitoring and third-party audits to ensure compliance.

References

What is the most recent source of information about an incident?

Most Recent Source: The most recent source of information about an incident is 5 INVESTIGATES (KSTP).

What is the most recent URL for additional resources on cybersecurity best practices?

Most Recent URL for Additional Resources: The most recent URL for additional resources on cybersecurity best practices is https://kstp.com/5-investigates/lack-of-security-reviews-left-minnesota-snap-system-vulnerable-to-breaches-fraud/

Investigation Status

What is the current status of the most recent investigation?

Current Status of Most Recent Investigation: The current status of the most recent investigation is Ongoing (Media Investigation by 5 INVESTIGATES; DCYF Claims Remediation Underway).

Stakeholder and Customer Advisories

What was the most recent customer advisory issued?

Most Recent Customer Advisory: The most recent customer advisory issued was Public Statements by DCYF Commissioner Addressing Concerns.

Initial Access Broker

What was the most recent entry point used by an initial access broker?

Most Recent Entry Point: The most recent entry point used by an initial access broker was a Compromised Email Account.

Post-Incident Analysis

What was the most significant root cause identified in post-incident analysis?

Most Significant Root Cause: The most significant root causes identified in post-incident analysis were Human Error, Lack of Resources in DHS for Security Reviews, Failure to Comply with Federal Audit Requirements, and Inadequate Oversight of Critical Public Welfare Systems.

What was the most significant corrective action taken based on post-incident analysis?

Most Significant Corrective Action: The most significant corrective actions taken based on post-incident analysis were Implemented New Procedures to Address the Error, Communicated Procedure Changes to Staff, Security Plan Certification (March 2024) by DCYF, Ongoing Certification Process for 2025, and Media Engagement to Rebuild Public Trust.

Latest Global CVEs (Not Company-Specific)

Description

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to 7.1.2-9 and 6.9.13-34, there is a vulnerability in ImageMagick’s Magick++ layer that manifests when Options::fontFamily is invoked with an empty string. Clearing a font family calls RelinquishMagickMemory on _drawInfo->font, freeing the font string but leaving _drawInfo->font pointing to freed memory while _drawInfo->family is set to that (now-invalid) pointer. Any later cleanup or reuse of _drawInfo->font re-frees or dereferences dangling memory. DestroyDrawInfo and other setters (Options::font, Image::font) assume _drawInfo->font remains valid, so destruction or subsequent updates trigger crashes or heap corruption. This vulnerability is fixed in 7.1.2-9 and 6.9.13-34.

Risk Information
cvss3
Base: 4.9
Severity: HIGH
CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L

Description

FeehiCMS version 2.1.1 has a Remote Code Execution via Unrestricted File Upload in Ad Management. FeehiCMS version 2.1.1 allows authenticated remote attackers to upload files that the server later executes (or stores in an executable location) without sufficient validation, sanitization, or execution restrictions. An authenticated remote attacker can upload a crafted PHP file and cause the application or web server to execute it, resulting in remote code execution (RCE).

Risk Information
cvss3
Base: 6.5
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

Description

PHPGurukul Billing System 1.0 is vulnerable to SQL Injection in the admin/index.php endpoint. Specifically, the username parameter accepts unvalidated user input, which is then concatenated directly into a backend SQL query.

Risk Information
cvss3
Base: 6.5
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

Description

NMIS/BioDose software V22.02 and previous versions contain executable binaries with plain text hard-coded passwords. These hard-coded passwords could allow unauthorized access to both the application and database.

Risk Information
cvss3
Base: 7.3
Severity: LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L
cvss4
Base: 8.4
Severity: LOW
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Description

NMIS/BioDose V22.02 and previous versions' installation directory paths by default have insecure file permissions, which in certain deployment scenarios can enable users on client workstations to modify the program executables and libraries.

Risk Information
cvss3
Base: 8.0
Severity: LOW
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H
cvss4
Base: 7.1
Severity: LOW
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:L/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Access Data Using Our API

Get company history

curl -i -X GET 'https://api.rankiteo.com/underwriter-getcompany-history?linkedin_id=minnesota-department-of-human-services' -H 'apikey: YOUR_API_KEY_HERE'

What Do We Measure?

Incident
Finding
Grade
Digital Assets

Every week, Rankiteo analyzes billions of signals to give organizations a sharper, faster view of emerging risks. With deeper, more actionable intelligence at their fingertips, security teams can outpace threat actors, respond instantly to Zero-Day attacks, and dramatically shrink their risk exposure window.

These are some of the factors we use to calculate the overall score:

Network Security

Identify exposed access points, detect misconfigured SSL certificates, and uncover vulnerabilities across the network infrastructure.

SBOM (Software Bill of Materials)

Gain visibility into the software components used within an organization to detect vulnerabilities, manage risk, and ensure supply chain security.

CMDB (Configuration Management Database)

Monitor and manage all IT assets and their configurations to ensure accurate, real-time visibility across the company's technology environment.

Threat Intelligence

Leverage real-time insights on active threats, malware campaigns, and emerging vulnerabilities to proactively defend against evolving cyberattacks.

Rankiteo is a unified scoring and risk platform that analyzes billions of signals weekly to help organizations gain faster, more actionable insights into emerging threats. Empowering teams to outpace adversaries and reduce exposure.