MDHS
Company Details
Linkedin ID:
minnesota-department-of-human-services
Website:
Employees number:
1,876
Number of followers:
34,170
NAICS:
92
Industry Type:
Homepage:
mn.gov
IP Addresses:
0
Company ID:
MIN_3087173
Scan Status:
In-progress
Minnesota Department of Human Services Company CyberSecurity Posture
mn.gov
The Minnesota Department of Human Services (DHS) helps provide essential services to Minnesota’s most vulnerable residents. Working with many others, including counties, tribes and non-profits, DHS helps ensure that Minnesota seniors, people with disabilities, children and others meet their basic needs and have the opportunity to reach their full potential DHS employs a highly talented and dedicated workforce committed to providing services that produce positive outcomes for clients in a cost-effective manner. Employees have an opportunity to make a difference in the lives of Minnesotans every day. Be a part of growing team of talented professionals! Career opportunities at DHS Public policy analysts Human Service Technicians (Direct Care) Administrative and executive assistants Accountants and auditors Budget and business analysts Doctors and pharmacists Mental Health Professional Educators Human Resources Licensed Alcohol & Drug Counselor Nurses and nursing assistants Physical therapists Rehabilitation therapists Researchers, planners and data analysts Social workers Attorneys Health care administrators Eligibility and benefits representatives Interns and fellows
Minnesota Department of Human Services A.I CyberSecurity Scoring
MDHS Risk Score (AI oriented)Between 0 and 549
MDHS
Updated:
- Powered by our proprietary A.I cyber incident model
- Insurance preferes TPRM score to calculate premium
MDHS Global Score (TPRM)XXXX
MDHS
- Instant access to detailed risk factors
- Benchmark vs. industry & size peers
- Vulnerabilities
- Findings
MDHS Company CyberSecurity News & History
Past Incidents
9
Attack Types
3
FEI SystemsFEI Systems: Minnesota Department of Human Services data breach impacts 300K
Breach
Rankiteo Explanation
Attack with significant impact with customers data leaks
Description: Minnesota DHS Data Breach Exposes Personal Information of Nearly 304,000 Individuals In late August, an unauthorized user affiliated with a licensed healthcare provider accessed sensitive data in Minnesota’s MnCHOICES system a platform used by counties, tribes, and agencies to assess and plan long-term services for vulnerable populations. The breach persisted for nearly a month before being detected. The unauthorized access included names, dates of birth, addresses, phone numbers, Medicaid IDs, and the last four digits of Social Security numbers for nearly 304,000 individuals. For 1,206 people, additional details such as ethnicity, birth records, physical traits, education, income, and benefits were exposed. The user, who had legitimate but limited access to MnCHOICES, exceeded their authorized permissions by retrieving more data than necessary for their role. Access was revoked on October 30 after FEI Systems, the vendor managing the system, detected unusual activity in mid-November and reported it to the state. A forensic investigation was subsequently launched. The Minnesota Department of Human Services (DHS) stated there is no evidence the data was misused, though the Office of Inspector General is monitoring billing records for potential fraud. Affected individuals were notified via a January 16 letter, nearly four months after the breach occurred. The delay was attributed to the need to verify impacted records and complete the investigation before issuing notices. In response, DHS implemented additional technical safeguards and reported the incident to the Minnesota Office of the Legislative Auditor and the U.S. Department of Health and Human Services. The breach highlights vulnerabilities in systems handling sensitive health and social services data.
FEI Systems and Minnesota Department of Health and Human Services: Minnesota Health Program Faces Data Breach Affecting 300,000
Breach
Rankiteo Explanation
Attack with significant impact with customers data leaks
Description: Minnesota DHS Reports Data Breach Affecting 300,000 in MnCHOICES Program The Minnesota Department of Health and Human Services (DHS) is notifying residents after a data breach exposed sensitive information from approximately 300,000 users of the MnCHOICES program. The incident, discovered in November, involved unauthorized access by a "provider-associated" user within the web-based system, which is used by counties, Tribal Nations, and managed care facilities to assess long-term care and support eligibility. FEI Systems, the vendor managing the program, alerted state officials to the breach. While the unauthorized user has since been blocked, a forensic analysis confirmed that the accessed data has not been misused. The compromised information may include personal and medical details used in eligibility determinations. Affected individuals will receive letters from the Minnesota DHS with guidance to monitor their medical statements for suspicious activity. The Minnesota DHS Office of Inspector General is leading the ongoing investigation into the incident.
FEI Systems and Minnesota Department of Human Services: Minnesota Agency Notifies 304,000 of Vendor Breach
Breach
Rankiteo Explanation
Attack with significant impact with customers data leaks
Description: Minnesota Agency Reports 304,000-Person Data Breach Linked to Vendor System The Minnesota Department of Human Services (DHS) is notifying nearly 304,000 individuals of a data breach involving unauthorized access to its MnChoices system, a third-party IT platform managed by FEI Systems. The system is used by counties, tribal nations, and managed care organizations to assess eligibility for long-term services, including disability, housing, and mental health support. The breach was detected on November 18, 2025, when FEI Systems identified "unusual user activity" and reported it to DHS the following day. An investigation revealed that a healthcare worker affiliated with a licensed provider accessed data beyond their authorized scope between August 28 and September 21, 2025. The state revoked the provider’s access on October 30, 2025, and FEI commissioned a forensic review at DHS’s request. Exposed data includes names, addresses, dates of birth, Medicaid IDs, partial Social Security numbers, and sensitive details such as ethnicity, income, and program eligibility. While 303,965 individuals had demographic information accessed, an additional 1,206 had more extensive records compromised. Authorities found no evidence of external hacking, and the DHS Office of Inspector General is monitoring for potential fraud. The incident was reported to the Minnesota Office of the Legislative Auditor and the U.S. Department of Health and Human Services as a HIPAA breach. Since the unauthorized user was not a DHS employee, no disciplinary action was taken by the agency. FEI Systems has not provided further comment.
FEI Systems and Minnesota Department of Human Services: Minnesota Agency Notifies 304,000 of Vendor Breach
Breach
Rankiteo Explanation
Attack with significant impact with customers data leaks
Description: Minnesota Agency Reports 304,000-Person Data Breach Linked to Vendor Access Misuse The Minnesota Department of Human Services (DHS) has notified nearly 304,000 individuals of a data breach involving unauthorized access to its *MnChoices* system, a platform used by counties, tribal nations, and managed care organizations to assess eligibility for long-term services, including disability, housing, and mental health support. The system is managed by third-party vendor FEI Systems. On November 18, 2025, FEI detected "unusual user activity" and reported it to DHS the following day. An investigation revealed that between August 28 and September 21, 2025, a worker affiliated with a licensed healthcare provider accessed data beyond their authorized scope. While the user had legitimate access to limited information, they retrieved more data than necessary for their role. DHS revoked the provider’s access on October 30, 2025. The breach exposed demographic details for 303,965 individuals, with an additional subset of 1,206 affected by further data exposure. Compromised information includes names, addresses, dates of birth, Medicaid IDs, partial Social Security numbers, ethnicity, race, financial eligibility details, and program-specific data. Authorities found no evidence of external hacking. The DHS Office of Inspector General is monitoring billing records for potential fraud, while the incident has been reported to the Minnesota Office of the Legislative Auditor and the U.S. Department of Health and Human Services as a HIPAA breach. Since the user was not a DHS employee, no disciplinary action was taken by the agency. FEI has not provided further comment.
Minnesota Department of Human Services: Minnesota Department of Human Services data breach impacts 300K
Breach
Rankiteo Explanation
Attack with significant impact with customers data leaks
Description: Minnesota Department of Human Services Data Breach Exposes Personal Information of 304,000 Individuals A data breach at the Minnesota Department of Human Services (DHS) compromised the private information of nearly 304,000 individuals, the agency disclosed in a January 16 notification letter. The unauthorized access occurred approximately four months before affected individuals were informed. The breach involved a system managed by the DHS, though the department stated there is no current evidence that the exposed data was misused. To mitigate potential risks, the agency’s Office of Inspector General is actively monitoring billing records for signs of fraudulent activity. Impacted individuals were advised to review their healthcare statements and credit reports for suspicious activity. The DHS has not provided further details on the cause of the breach or the specific types of data accessed. The incident highlights ongoing vulnerabilities in state-managed systems handling sensitive personal information.
Minnesota Department of Human Services: Data breach compromised records of 300K people at Minnesota human services department
Breach
Rankiteo Explanation
Attack with significant impact with customers data leaks
Description: Minnesota DHS Reports Data Breach Affecting 304,000 Individuals The Minnesota Department of Human Services (DHS) recently disclosed a data breach impacting nearly 304,000 state residents, stemming from unauthorized access to the MnCHOICES system a platform used by counties, tribes, and managed care organizations to support individuals requiring long-term services. The breach began in late August 2023, when a user affiliated with a healthcare provider accessed state data without proper authorization. While the individual had legitimate access to some MnCHOICES data, they exceeded their permissions, retrieving sensitive information over a one-month period. By the time the breach was detected on November 18, 2023, the unauthorized access had exposed demographic records, income data, and educational backgrounds of hundreds of thousands of individuals. For over 1,200 people, the breach included more detailed personal information, such as names, phone numbers, dates of birth, addresses, Medicaid ID numbers, and partial Social Security numbers. The state’s investigation, conducted with assistance from FEI Systems (the IT vendor managing MnCHOICES) and an external cybersecurity firm, found no evidence of data misuse. However, notifications were issued out of caution. The Minnesota Office of Inspector General is monitoring billing records for potential fraud, with plans to refer any suspicious activity to law enforcement. The DHS has not disclosed the identity of the unauthorized user or the healthcare provider involved. The incident highlights vulnerabilities in systems handling sensitive health and demographic data.
Minnesota Department of Human Services
Data Leak
Rankiteo Explanation
Attack with significant impact with customers data leaks
Description: Minnesota Department of Human Services (DHS) suffered a data breach incident after a DHS employee accidentally emailed the parent billing statements of 4,307 individuals involved in the program. The billing statements included first and last names, addresses, DHS-generated billing account numbers, and parental fee account activity. DHS implemented new procedures to address the error that led to the incident, and communicated these procedure changes to staff.
Minnesota Department of Human Services (DHS)
Vulnerability
Rankiteo Explanation
Attack with significant impact with customers data leaks
Description: The Minnesota Department of Human Services (DHS) failed to conduct mandatory security reviews of its Supplemental Nutrition Assistance Program (SNAP) computer system in 2020 and 2023, as revealed by federal audits. This system stores highly sensitive personal data of over 440,000 SNAP beneficiaries, including private financial and identification details. The omission of these reviews was attributed to resource constraints, leaving the system vulnerable to un detected security gaps, breaches, or fraud risks. While the agency claimed compliance in March 2024 under the new oversight of the Department of Children, Youth and Families (DCYF), beneficiaries expressed deep concerns over data privacy and trust erosion in public assistance programs. The exposed vulnerabilities could enable unauthorized access to confidential records, potentially leading to identity theft, financial fraud, or misuse of personal information. The audits explicitly warned that such negligence heightens the likelihood of a breach, though no confirmed incident was reported. The failure underscores systemic weaknesses in safeguarding critical welfare infrastructure, risking long-term reputational and operational damage.
Minnesota Department of Human Services
Breach
Rankiteo Explanation
Attack with significant impact with customers data leaks
Description: Minnesota Department of Human Services suffered a data breach through an employee’s e-mail account. The attack exposed the personal information of about 11,000 people. The hackers were immediately detected and the servers were secured.
MDHS Company Scoring based on AI Models
Cyber Incidents Likelihood 3 - 6 - 9 months
A.I Risk Score Likelihood 3 - 6 - 9 months
Underwriter Stats for MDHS
Incidents vs Government Administration Industry Average (This Year)
Minnesota Department of Human Services has 52.38% fewer incidents than the average of same-industry companies with at least one recorded incident.
Incidents vs All-Companies Average (This Year)
Minnesota Department of Human Services has 28.57% fewer incidents than the average of all companies with at least one recorded incident.
Incident Types MDHS vs Government Administration Industry Avg (This Year)
Minnesota Department of Human Services reported 1 incidents this year: 0 cyber attacks, 0 ransomware, 0 vulnerabilities, 1 data breaches, compared to industry peers with at least 1 incident.
Incident History — MDHS (X = Date, Y = Severity)
MDHS cyber incidents detection timeline including parent company and subsidiaries
MDHS Company Subsidiaries
The Minnesota Department of Human Services (DHS) helps provide essential services to Minnesota’s most vulnerable residents. Working with many others, including counties, tribes and non-profits, DHS helps ensure that Minnesota seniors, people with disabilities, children and others meet their basic needs and have the opportunity to reach their full potential DHS employs a highly talented and dedicated workforce committed to providing services that produce positive outcomes for clients in a cost-effective manner. Employees have an opportunity to make a difference in the lives of Minnesotans every day. Be a part of growing team of talented professionals! Career opportunities at DHS Public policy analysts Human Service Technicians (Direct Care) Administrative and executive assistants Accountants and auditors Budget and business analysts Doctors and pharmacists Mental Health Professional Educators Human Resources Licensed Alcohol & Drug Counselor Nurses and nursing assistants Physical therapists Rehabilitation therapists Researchers, planners and data analysts Social workers Attorneys Health care administrators Eligibility and benefits representatives Interns and fellows
Loading...
MDHS Similar Companies
GSA
General Services Administration (GSA) is an independent agency of the United States government established in 1949 to help manage and support the basic functioning of federal agencies. Our organization includes the Public Buildings Service (PBS), Federal Acquisition Service (FAS), and a variety of S
FDA
The Food and Drug Administration is an agency within the Department of Health and Human Services. The FDA is responsible for protecting the public health by ensuring the safety, efficacy, and security of human and veterinary drugs, biological products, and medical devices; and by ensuring the safet
Swiss Federal Administration
Seven departments, the Federal Chancellery and around 70 administrative units make up the Federal Administration. With around 38,000 employees, we are one of the largest employers in Switzerland. Everyone who works for the Federal Administration actively contributes to Switzerland's well-being and
The Singapore Public Service
The Singapore Public Service works with the elected Government and Singaporeans to forge a common vision of Singapore’s future and bring it into reality. We take pride in living out our values of integrity, service and excellence. Follow us for stories on how our public officers are contributing
Ontario Government | Gouvernement de l’Ontario
Ontario Government | Gouvernement de l’Ontario The Ontario Government works to serve the public interest and uphold the public trust by providing Ministers with objective advice and expert guidance. The Ontario Public Service carries out the decisions and policies of the elected government with int
Ministero dell'Interno
Il ministero dell'Interno è una struttura complessa il cui assetto organizzativo è disciplinato dal D.L.vo n. 300/99 e dai provvedimenti attuativi. A livello centrale, si articola in uffici di diretta collaborazione con il ministro (D.P.R. n. 98/2002) e cinque dipartimenti (D.P.R. n. 398/2001 e succ
Home to a respected and energetic cultural arts scene, celebrated restaurants featuring flavors from 35 countries, world-renowned theater groups and the brains behind U.S. space exploration, Houston is a diverse metropolis brimming with personality. With nearly 21,000 concerts, plays, exhibition
Council Careers Victoria
Victorian local government jobs offer opportunities for people with diverse skills. The sector delivers more than 100 services and employs staff in the areas of health and community care, corporate and business support, engineering, planning and community development, and environment and emergency m
Københavns Kommune
Københavns Kommune er Danmarks største arbejdsplads med ca. 45.000 medarbejdere. Vi udvikler hovedstaden og servicerer over 500.000 københavnere. Vores mål er at fastholde og udvikle København som en af verdens bedste byer at bo i – og skabe øget vækst gennem viden, innovation og beskæftigelse. Fi
.png)
MDHS CyberSecurity News
January 22, 2026 02:49 AM
Minnesota official denies DHS claim that the state is releasing dangerous criminals
Paul Schnell, Minnesota's corrections commissioner, rejects DHS' claims that state authorities have been releasing hundreds of dangerous...
January 21, 2026 11:15 PM
Minnesota Department of Human Services Data Breach Claims Investigated by Lynch Carpenter
PITTSBURGH, Jan. 21, 2026 (GLOBE NEWSWIRE) -- Minnesota Department of Human Services (“MN DHS”),1 recently announced a cybersecurity...
January 21, 2026 09:17 PM
Over 300K impacted by Minnesota human services department breach
The Minnesota Department of Human Services has confirmed that almost 304000 individuals had their demographic information pilfered following...
January 21, 2026 12:04 PM
News - Minnesota DHS Announces Significant IT System Data Breach, Over 300,000 Affected
The Minnesota Department of Human Services reported a significant data security breach involving unauthorised access to a vendor-managed IT...
January 21, 2026 12:04 PM
Minnesota DHS notifies nearly 304,000 people of unauthorized access to MnCHOICES records
The Minnesota Department of Human Services has begun notifying nearly 304000 individuals after unauthorized access was identified within...
January 20, 2026 06:38 PM
Data breach compromised records of 300K people at Minnesota human services department
An employee of a health care provider with access to state records viewed more “than was reasonably necessary to perform work assignments.”
January 20, 2026 03:52 PM
Minnesota Department of Human Services Data Breach Affects Over 300K Individuals
The Minnesota Department of Human Services (DHS) has notified almost 304000 individuals about unauthorized access to their demographic...
January 20, 2026 11:00 AM
Congress opens ‘industrial-scale fraud’ probe in Minnesota, warns Walz demands are ‘just the beginning’
Minnesota Governor Tim Walz under federal scrutiny for alleged fraud in 14 high-risk Medicaid programs as Congress investigates overbilling...
January 20, 2026 01:13 AM
Minnesota Department of Human Services data breach impacts 300K
A breach in a Minnesota Department of Human Services system allowed inappropriate access to the private data of nearly 304,000 people.
Frequently Asked Questions
Explore insights on cybersecurity incidents, risk posture, and Rankiteo's assessments.
MDHS CyberSecurity History Information
Official Website of Minnesota Department of Human Services
The official website of Minnesota Department of Human Services is http://mn.gov/dhs.
Minnesota Department of Human Services’s AI-Generated Cybersecurity Score
According to Rankiteo, Minnesota Department of Human Services’s AI-generated cybersecurity score is 224, reflecting their Critical security posture.
How many security badges does Minnesota Department of Human Services’ have ?
According to Rankiteo, Minnesota Department of Human Services currently holds 0 security badges, indicating that no recognized compliance certifications are currently verified for the organization.
Has Minnesota Department of Human Services been affected by any supply chain cyber incidents ?
According to Rankiteo, Minnesota Department of Human Services has been affected by multiple supply chain cyber incidents. The affected supply chain sources and their corresponding incident IDs are:
- FEI Systems (Incident ID: FEI1768877970)
- FEI Systems (Incident ID: FEIMIN1769103080)
- FEI Systems (Incident ID: FEIMIN1768969952)
- FEI Systems (Incident ID: FEIMIN1768948386)
Does Minnesota Department of Human Services have SOC 2 Type 1 certification ?
According to Rankiteo, Minnesota Department of Human Services is not certified under SOC 2 Type 1.
Does Minnesota Department of Human Services have SOC 2 Type 2 certification ?
According to Rankiteo, Minnesota Department of Human Services does not hold a SOC 2 Type 2 certification.
Does Minnesota Department of Human Services comply with GDPR ?
According to Rankiteo, Minnesota Department of Human Services is not listed as GDPR compliant.
Does Minnesota Department of Human Services have PCI DSS certification ?
According to Rankiteo, Minnesota Department of Human Services does not currently maintain PCI DSS compliance.
Does Minnesota Department of Human Services comply with HIPAA ?
According to Rankiteo, Minnesota Department of Human Services is not compliant with HIPAA regulations.
Does Minnesota Department of Human Services have ISO 27001 certification ?
According to Rankiteo,Minnesota Department of Human Services is not certified under ISO 27001, indicating the absence of a formally recognized information security management framework.
Industry Classification of Minnesota Department of Human Services
Minnesota Department of Human Services operates primarily in the Government Administration industry.
Number of Employees at Minnesota Department of Human Services
Minnesota Department of Human Services employs approximately 1,876 people worldwide.
Subsidiaries Owned by Minnesota Department of Human Services
Minnesota Department of Human Services presently has no subsidiaries across any sectors.
Minnesota Department of Human Services’s LinkedIn Followers
Minnesota Department of Human Services’s official LinkedIn profile has approximately 34,170 followers.
NAICS Classification of Minnesota Department of Human Services
Minnesota Department of Human Services is classified under the NAICS code 92, which corresponds to Public Administration.
Minnesota Department of Human Services’s Presence on Crunchbase
No, Minnesota Department of Human Services does not have a profile on Crunchbase.
Minnesota Department of Human Services’s Presence on LinkedIn
Yes, Minnesota Department of Human Services maintains an official LinkedIn profile, which is actively utilized for branding and talent engagement, which can be accessed here: https://www.linkedin.com/company/minnesota-department-of-human-services.
Cybersecurity Incidents Involving Minnesota Department of Human Services
As of January 25, 2026, Rankiteo reports that Minnesota Department of Human Services has experienced 9 cybersecurity incidents.
Number of Peer and Competitor Companies
Minnesota Department of Human Services has an estimated 11,878 peer or competitor companies worldwide.
What types of cybersecurity incidents have occurred at Minnesota Department of Human Services ?
Incident Types: The types of cybersecurity incidents that have occurred include Vulnerability, Data Leak and Breach.
How does Minnesota Department of Human Services detect and respond to cybersecurity incidents ?
Detection and Response: The company detects and responds to cybersecurity incidents through an containment measures with secured servers, and remediation measures with implemented new procedures to address the error, remediation measures with communicated procedure changes to staff, and remediation measures with security plan review and certification (march 2024), remediation measures with ongoing certification process for 2025, and communication strategy with public statements by dcyf commissioner tikki brown, communication strategy with media coverage via 5 investigates, and incident response plan activated with yes, and third party assistance with fei systems (forensic investigation), and containment measures with access revoked on october 30, 2023, and remediation measures with additional technical safeguards implemented, and communication strategy with affected individuals notified via letter on january 16, 2024, and communication strategy with notification letter sent to affected individuals, and enhanced monitoring with active monitoring of billing records for fraudulent activity by the office of inspector general, and third party assistance with fei systems, external cybersecurity firm, and communication strategy with notifications issued to affected individuals, and enhanced monitoring with monitoring by minnesota office of inspector general for potential fraud, and containment measures with access revoked for the provider on october 30, 2025, and communication strategy with notification to affected individuals, and third party assistance with forensic review commissioned by fei systems, and containment measures with access revoked for the unauthorized provider on october 30, 2025, and communication strategy with notifications sent to affected individuals, and third party assistance with fei systems (forensic analysis), and containment measures with unauthorized user blocked, and communication strategy with affected individuals notified via letters with guidance to monitor medical statements..
Incident Details
Can you provide details on each incident ?
Title: Minnesota Department of Human Services Data Breach
Description: Minnesota Department of Human Services suffered a data breach through an employee’s e-mail account. The attack exposed the personal information of about 11,000 people. The hackers were immediately detected and the servers were secured.
Type: Data Breach
Attack Vector: Email Compromise
Vulnerability Exploited: Compromised Email Account
Title: Minnesota DHS Data Breach
Description: Minnesota Department of Human Services (DHS) suffered a data breach incident after a DHS employee accidentally emailed the parent billing statements of 4,307 individuals involved in the program. The billing statements included first and last names, addresses, DHS-generated billing account numbers, and parental fee account activity.
Type: Data Breach
Attack Vector: Human Error
Vulnerability Exploited: Human Error
Title: Lack of Security Reviews Left Minnesota SNAP System Vulnerable to Breaches and Fraud
Description: The Minnesota Department of Human Services (DHS) failed to perform required security reviews of the computer system critical to the Supplemental Nutrition Assistance Program (SNAP) in 2020 and 2023. This oversight, attributed to a lack of resources, left the system—containing personal data of over 440,000 Minnesotans—vulnerable to potential breaches or fraud. The system determines eligibility for SNAP benefits and holds sensitive personal information. Audits warned that undetected security gaps could increase risks. The issue was addressed in 2024 by the newly formed Department of Children, Youth and Families (DCYF), which certified its security plan in March 2024 and is preparing for 2025 certification. Public trust in the program has been impacted, with beneficiaries expressing concerns over the security of their sensitive data.
Date Publicly Disclosed: 2024-09-16
Type: Security Oversight
Vulnerability Exploited: Lack of Security ReviewsUnpatched Security GapsResource Constraints in DHS
Title: Minnesota DHS Data Breach Exposes Personal Information of Nearly 304,000 Individuals
Description: In late August, an unauthorized user affiliated with a licensed healthcare provider accessed sensitive data in Minnesota’s MnCHOICES system, a platform used by counties, tribes, and agencies to assess and plan long-term services for vulnerable populations. The breach persisted for nearly a month before being detected. The unauthorized access included names, dates of birth, addresses, phone numbers, Medicaid IDs, and the last four digits of Social Security numbers for nearly 304,000 individuals. For 1,206 people, additional details such as ethnicity, birth records, physical traits, education, income, and benefits were exposed. The user exceeded their authorized permissions by retrieving more data than necessary for their role.
Date Detected: 2023-11-15
Date Publicly Disclosed: 2024-01-16
Date Resolved: 2023-10-30
Type: Data Breach
Attack Vector: Unauthorized Access
Vulnerability Exploited: Excessive Permissions
Threat Actor: Affiliated User (Licensed Healthcare Provider)
Title: Minnesota Department of Human Services Data Breach
Description: A data breach at the Minnesota Department of Human Services (DHS) compromised the private information of nearly 304,000 individuals. The unauthorized access occurred approximately four months before affected individuals were informed. The breach involved a system managed by the DHS, though the department stated there is no current evidence that the exposed data was misused.
Date Publicly Disclosed: 2024-01-16
Type: Data Breach
Title: Minnesota DHS Data Breach Affecting 304,000 Individuals
Description: The Minnesota Department of Human Services (DHS) disclosed a data breach impacting nearly 304,000 state residents due to unauthorized access to the MnCHOICES system, which supports individuals requiring long-term services. The breach exposed demographic records, income data, educational backgrounds, and sensitive personal information for over 1,200 individuals.
Date Detected: 2023-11-18
Type: Data Breach
Attack Vector: Unauthorized Access
Vulnerability Exploited: Excessive Permissions
Threat Actor: Unauthorized User Affiliated with Healthcare Provider
Title: Minnesota Agency Reports 304,000-Person Data Breach Linked to Vendor Access Misuse
Description: The Minnesota Department of Human Services (DHS) has notified nearly 304,000 individuals of a data breach involving unauthorized access to its MnChoices system, a platform used by counties, tribal nations, and managed care organizations to assess eligibility for long-term services, including disability, housing, and mental health support. The system is managed by third-party vendor FEI Systems. Unauthorized access occurred due to a worker affiliated with a licensed healthcare provider accessing data beyond their authorized scope.
Date Detected: 2025-11-18
Type: Data Breach
Attack Vector: Insider Threat
Vulnerability Exploited: Excessive Data Access Permissions
Threat Actor: Worker affiliated with a licensed healthcare provider
Title: Minnesota Agency Reports 304,000-Person Data Breach Linked to Vendor System
Description: The Minnesota Department of Human Services (DHS) is notifying nearly 304,000 individuals of a data breach involving unauthorized access to its MnChoices system, a third-party IT platform managed by FEI Systems. The system is used by counties, tribal nations, and managed care organizations to assess eligibility for long-term services, including disability, housing, and mental health support. A healthcare worker affiliated with a licensed provider accessed data beyond their authorized scope.
Date Detected: 2025-11-18
Type: Data Breach
Attack Vector: Insider Threat
Vulnerability Exploited: Unauthorized access by authorized user
Threat Actor: Healthcare worker affiliated with a licensed provider
Title: Minnesota DHS Reports Data Breach Affecting 300,000 in MnCHOICES Program
Description: The Minnesota Department of Health and Human Services (DHS) is notifying residents after a data breach exposed sensitive information from approximately 300,000 users of the MnCHOICES program. The incident involved unauthorized access by a 'provider-associated' user within the web-based system, which is used by counties, Tribal Nations, and managed care facilities to assess long-term care and support eligibility.
Date Detected: 2023-11
Type: Data Breach
Attack Vector: Unauthorized access by insider
Threat Actor: Provider-associated user
What are the most common types of attacks the company has faced ?
Common Attack Types: The most common types of attacks the company has faced is Breach.
How does the company identify the attack vectors used in incidents ?
Identification of Attack Vectors: The company identifies the attack vectors used in incidents through Compromised Email Account.
Impact of the Incidents
What was the impact of each incident ?
Incident : Data Breach MIN21149222
Data Compromised: Personal information
Systems Affected: Email Servers
Incident : Data Breach MIN164122123
Data Compromised: First and last names, Addresses, Dhs-generated billing account numbers, Parental fee account activity
Incident : Security Oversight MIN3124431112425
Systems Affected: SNAP Eligibility Determination System
Operational Impact: Increased Risk of BreachesPotential FraudErosion of Public Trust
Customer Complaints: ['Concerns from SNAP Beneficiaries Over Data Security']
Brand Reputation Impact: Loss of Trust in Public Assistance Programs
Identity Theft Risk: ['Potential Risk Due to Unsecured Personal Data']
Incident : Data Breach FEI1768877970
Data Compromised: Personal Information, Medicaid IDs, Last Four Digits of SSNs, Ethnicity, Birth Records, Physical Traits, Education, Income, Benefits
Systems Affected: MnCHOICES System
Brand Reputation Impact: Yes
Identity Theft Risk: Yes
Incident : Data Breach MIN1768885020
Data Compromised: Personal information of 304,000 individuals
Systems Affected: DHS-managed system
Identity Theft Risk: Potential risk due to exposed personal information
Incident : Data Breach MIN1768941399
Data Compromised: Demographic records, income data, educational backgrounds, names, phone numbers, dates of birth, addresses, Medicaid ID numbers, partial Social Security numbers
Systems Affected: MnCHOICES system
Brand Reputation Impact: Potential reputational damage to Minnesota DHS
Identity Theft Risk: High for 1,200 individuals with exposed sensitive data
Incident : Data Breach FEIMIN1768948386
Data Compromised: Demographic details, names, addresses, dates of birth, Medicaid IDs, partial Social Security numbers, ethnicity, race, financial eligibility details, and program-specific data
Systems Affected: MnChoices system
Identity Theft Risk: High
Incident : Data Breach FEIMIN1768969952
Data Compromised: Names, addresses, dates of birth, Medicaid IDs, partial Social Security numbers, ethnicity, income, program eligibility
Systems Affected: MnChoices system (FEI Systems)
Identity Theft Risk: Yes
Incident : Data Breach FEIMIN1769103080
Data Compromised: Personal and medical details used in eligibility determinations
Systems Affected: MnCHOICES web-based system
Identity Theft Risk: High
What types of data are most commonly compromised in incidents ?
Commonly Compromised Data Types: The types of data most commonly compromised in incidents are Personal Information, Personal Information, Account Information, , Personal Identifiable Information, Medicaid Ids, Social Security Numbers (Last Four Digits), Ethnicity, Birth Records, Physical Traits, Education, Income, Benefits, , Personal information, Demographic Records, Income Data, Educational Backgrounds, Names, Phone Numbers, Dates Of Birth, Addresses, Medicaid Id Numbers, Partial Social Security Numbers, , Personally Identifiable Information (PII), Medicaid IDs, partial SSNs, demographic data, financial eligibility details, program-specific data, Personally Identifiable Information (PII), Protected Health Information (PHI), Medicaid IDs, partial SSNs, demographic data, program eligibility details, Personal Information, Medical Details and .
Which entities were affected by each incident ?
Incident : Data Breach MIN21149222
Entity Name: Minnesota Department of Human Services
Entity Type: Government Agency
Industry: Public Administration
Location: Minnesota, USA
Customers Affected: 11000
Incident : Data Breach MIN164122123
Entity Name: Minnesota Department of Human Services
Entity Type: Government Agency
Industry: Public Sector
Location: Minnesota, USA
Customers Affected: 4307
Incident : Security Oversight MIN3124431112425
Entity Name: Minnesota Department of Human Services (DHS)
Entity Type: Government Agency
Industry: Public Welfare
Location: Minnesota, USA
Customers Affected: 440,000+ (SNAP Beneficiaries)
Incident : Security Oversight MIN3124431112425
Entity Name: Minnesota Department of Children, Youth and Families (DCYF)
Entity Type: Government Agency
Industry: Public Welfare
Location: Minnesota, USA
Customers Affected: 440,000+ (SNAP Beneficiaries)
Incident : Data Breach FEI1768877970
Entity Name: Minnesota Department of Human Services (DHS)
Entity Type: Government Agency
Industry: Healthcare & Social Services
Location: Minnesota, USA
Customers Affected: 304,000 individuals
Incident : Data Breach MIN1768885020
Entity Name: Minnesota Department of Human Services (DHS)
Entity Type: Government Agency
Industry: Public Sector
Location: Minnesota, USA
Customers Affected: 304,000 individuals
Incident : Data Breach MIN1768941399
Entity Name: Minnesota Department of Human Services (DHS)
Entity Type: Government Agency
Industry: Healthcare and Social Services
Location: Minnesota, USA
Size: Large
Customers Affected: 304,000 individuals
Incident : Data Breach FEIMIN1768948386
Entity Name: Minnesota Department of Human Services (DHS)
Entity Type: Government Agency
Industry: Healthcare & Social Services
Location: Minnesota, USA
Customers Affected: 303,965 individuals (plus 1,206 with additional data exposure)
Incident : Data Breach FEIMIN1768948386
Entity Name: FEI Systems
Entity Type: Third-Party Vendor
Industry: IT Services
Incident : Data Breach FEIMIN1768969952
Entity Name: Minnesota Department of Human Services (DHS)
Entity Type: Government Agency
Industry: Healthcare / Social Services
Location: Minnesota, USA
Customers Affected: 303,965 individuals (demographic data), 1,206 individuals (extensive records)
Incident : Data Breach FEIMIN1768969952
Entity Name: FEI Systems
Entity Type: IT Vendor
Industry: Technology / Healthcare IT
Incident : Data Breach FEIMIN1769103080
Entity Name: Minnesota Department of Health and Human Services (DHS)
Entity Type: Government Agency
Industry: Healthcare / Social Services
Location: Minnesota, USA
Customers Affected: 300,000
Response to the Incidents
What measures were taken in response to each incident ?
Incident : Data Breach MIN21149222
Containment Measures: Secured Servers
Incident : Data Breach MIN164122123
Remediation Measures: Implemented new procedures to address the errorCommunicated procedure changes to staff
Incident : Security Oversight MIN3124431112425
Remediation Measures: Security Plan Review and Certification (March 2024)Ongoing Certification Process for 2025
Communication Strategy: Public Statements by DCYF Commissioner Tikki BrownMedia Coverage via 5 INVESTIGATES
Incident : Data Breach FEI1768877970
Incident Response Plan Activated: Yes
Third Party Assistance: FEI Systems (Forensic Investigation)
Containment Measures: Access revoked on October 30, 2023
Remediation Measures: Additional technical safeguards implemented
Communication Strategy: Affected individuals notified via letter on January 16, 2024
Incident : Data Breach MIN1768885020
Communication Strategy: Notification letter sent to affected individuals
Enhanced Monitoring: Active monitoring of billing records for fraudulent activity by the Office of Inspector General
Incident : Data Breach MIN1768941399
Third Party Assistance: FEI Systems, External Cybersecurity Firm
Communication Strategy: Notifications issued to affected individuals
Enhanced Monitoring: Monitoring by Minnesota Office of Inspector General for potential fraud
Incident : Data Breach FEIMIN1768948386
Containment Measures: Access revoked for the provider on October 30, 2025
Communication Strategy: Notification to affected individuals
Incident : Data Breach FEIMIN1768969952
Third Party Assistance: Forensic review commissioned by FEI Systems
Containment Measures: Access revoked for the unauthorized provider on October 30, 2025
Communication Strategy: Notifications sent to affected individuals
Incident : Data Breach FEIMIN1769103080
Third Party Assistance: FEI Systems (forensic analysis)
Containment Measures: Unauthorized user blocked
Communication Strategy: Affected individuals notified via letters with guidance to monitor medical statements
What is the company's incident response plan?
Incident Response Plan: The company's incident response plan is described as Yes.
How does the company involve third-party assistance in incident response ?
Third-Party Assistance: The company involves third-party assistance in incident response through FEI Systems (Forensic Investigation), FEI Systems, External Cybersecurity Firm, Forensic review commissioned by FEI Systems, FEI Systems (forensic analysis).
Data Breach Information
What type of data was compromised in each breach ?
Incident : Data Breach MIN21149222
Type of Data Compromised: Personal Information
Number of Records Exposed: 11000
Incident : Data Breach MIN164122123
Type of Data Compromised: Personal information, Account information
Number of Records Exposed: 4307
Sensitivity of Data: Medium
Personally Identifiable Information: first and last namesaddresses
Incident : Security Oversight MIN3124431112425
Sensitivity of Data: Personal Data of SNAP Beneficiaries (High)
Personally Identifiable Information: Potential Exposure (Names, Addresses, Financial Data, etc.)
Incident : Data Breach FEI1768877970
Type of Data Compromised: Personal identifiable information, Medicaid ids, Social security numbers (last four digits), Ethnicity, Birth records, Physical traits, Education, Income, Benefits
Number of Records Exposed: 304,000 (1,206 with additional sensitive data)
Sensitivity of Data: High
Data Exfiltration: No evidence of misuse
Personally Identifiable Information: Yes
Incident : Data Breach MIN1768885020
Type of Data Compromised: Personal information
Number of Records Exposed: 304,000
Sensitivity of Data: High (private information)
Personally Identifiable Information: Yes
Incident : Data Breach MIN1768941399
Type of Data Compromised: Demographic records, Income data, Educational backgrounds, Names, Phone numbers, Dates of birth, Addresses, Medicaid id numbers, Partial social security numbers
Number of Records Exposed: 304,000 (1,200 with sensitive data)
Sensitivity of Data: High for 1,200 individuals
Personally Identifiable Information: Yes
Incident : Data Breach FEIMIN1768948386
Type of Data Compromised: Personally Identifiable Information (PII), Medicaid IDs, partial SSNs, demographic data, financial eligibility details, program-specific data
Number of Records Exposed: 303,965 (plus 1,206 with additional exposure)
Sensitivity of Data: High
Personally Identifiable Information: Names, addresses, dates of birth, partial Social Security numbers, ethnicity, race
Incident : Data Breach FEIMIN1768969952
Type of Data Compromised: Personally Identifiable Information (PII), Protected Health Information (PHI), Medicaid IDs, partial SSNs, demographic data, program eligibility details
Number of Records Exposed: 304,000+
Sensitivity of Data: High
Personally Identifiable Information: Names, addresses, dates of birth, partial Social Security numbers, ethnicity, income
Incident : Data Breach FEIMIN1769103080
Type of Data Compromised: Personal information, Medical details
Number of Records Exposed: 300,000
Sensitivity of Data: High
Data Exfiltration: Not confirmed
Personally Identifiable Information: Yes
What measures does the company take to prevent data exfiltration ?
Prevention of Data Exfiltration: The company takes the following measures to prevent data exfiltration: Implemented new procedures to address the error, Communicated procedure changes to staff, , Security Plan Review and Certification (March 2024), Ongoing Certification Process for 2025, , Additional technical safeguards implemented.
How does the company handle incidents involving personally identifiable information (PII) ?
Handling of PII Incidents: The company handles incidents involving personally identifiable information (PII) through by secured servers, , access revoked on october 30, 2023, access revoked for the provider on october 30, 2025, access revoked for the unauthorized provider on october 30, 2025 and unauthorized user blocked.
Regulatory Compliance
Were there any regulatory violations and fines imposed for each incident ?
Incident : Security Oversight MIN3124431112425
Regulations Violated: Federal Single Audit Requirements for Information System Security Reviews,
Incident : Data Breach FEI1768877970
Regulatory Notifications: Minnesota Office of the Legislative AuditorU.S. Department of Health and Human Services
Incident : Data Breach FEIMIN1768948386
Regulations Violated: HIPAA,
Regulatory Notifications: Minnesota Office of the Legislative AuditorU.S. Department of Health and Human Services
Incident : Data Breach FEIMIN1768969952
Regulations Violated: HIPAA
Regulatory Notifications: Reported to U.S. Department of Health and Human Services, Minnesota Office of the Legislative Auditor
Lessons Learned and Recommendations
What lessons were learned from each incident ?
Incident : Security Oversight MIN3124431112425
Lessons Learned: Regular security reviews and resource allocation are critical to preventing vulnerabilities in systems handling sensitive public welfare data. Delays in compliance can erode public trust and increase risks of fraud or breaches.
Incident : Data Breach FEI1768877970
Lessons Learned: Vulnerabilities in systems handling sensitive health and social services data; need for stricter access controls and monitoring.
Incident : Data Breach MIN1768941399
Lessons Learned: Highlights vulnerabilities in systems handling sensitive health and demographic data, particularly regarding permission controls.
What recommendations were made to prevent future incidents ?
Incident : Security Oversight MIN3124431112425
Recommendations: Prioritize and fund mandatory security reviews for systems handling sensitive data., Implement continuous monitoring and third-party audits to ensure compliance., Enhance transparency with beneficiaries regarding data security measures., Allocate dedicated resources for cybersecurity within public welfare agencies.Prioritize and fund mandatory security reviews for systems handling sensitive data., Implement continuous monitoring and third-party audits to ensure compliance., Enhance transparency with beneficiaries regarding data security measures., Allocate dedicated resources for cybersecurity within public welfare agencies.Prioritize and fund mandatory security reviews for systems handling sensitive data., Implement continuous monitoring and third-party audits to ensure compliance., Enhance transparency with beneficiaries regarding data security measures., Allocate dedicated resources for cybersecurity within public welfare agencies.Prioritize and fund mandatory security reviews for systems handling sensitive data., Implement continuous monitoring and third-party audits to ensure compliance., Enhance transparency with beneficiaries regarding data security measures., Allocate dedicated resources for cybersecurity within public welfare agencies.
Incident : Data Breach FEI1768877970
Recommendations: Implement additional technical safeguards, enhance monitoring of user permissions, and expedite breach notification processes.
Incident : Data Breach MIN1768885020
Recommendations: Affected individuals were advised to review their healthcare statements and credit reports for suspicious activity.
What are the key lessons learned from past incidents ?
Key Lessons Learned: The key lessons learned from past incidents are Regular security reviews and resource allocation are critical to preventing vulnerabilities in systems handling sensitive public welfare data. Delays in compliance can erode public trust and increase risks of fraud or breaches.Vulnerabilities in systems handling sensitive health and social services data; need for stricter access controls and monitoring.Highlights vulnerabilities in systems handling sensitive health and demographic data, particularly regarding permission controls.
What recommendations has the company implemented to improve cybersecurity ?
Implemented Recommendations: The company has implemented the following recommendations to improve cybersecurity: Affected individuals were advised to review their healthcare statements and credit reports for suspicious activity., Implement additional technical safeguards, enhance monitoring of user permissions and and expedite breach notification processes..
References
Where can I find more information about each incident ?
Incident : Security Oversight MIN3124431112425
Source: 5 INVESTIGATES (KSTP)
Date Accessed: 2024-09-16
Incident : Data Breach FEI1768877970
Source: Minnesota Department of Human Services
Incident : Data Breach MIN1768885020
Source: DHS Notification Letter
Incident : Data Breach MIN1768941399
Source: Cyber Incident Description
Incident : Data Breach FEIMIN1768948386
Source: Cyber Incident Description
Incident : Data Breach FEIMIN1768969952
Source: Minnesota Department of Human Services
Incident : Data Breach FEIMIN1769103080
Source: Minnesota DHS
Where can stakeholders find additional resources on cybersecurity best practices ?
Additional Resources: Stakeholders can find additional resources on cybersecurity best practices at and Source: 5 INVESTIGATES (KSTP)Url: https://kstp.com/5-investigates/lack-of-security-reviews-left-minnesota-snap-system-vulnerable-to-breaches-fraud/Date Accessed: 2024-09-16, and Source: Minnesota Department of Human Services, and Source: DHS Notification Letter, and Source: Cyber Incident Description, and Source: Cyber Incident Description, and Source: Minnesota Department of Human Services, and Source: Minnesota DHS.
Investigation Status
What is the current status of the investigation for each incident ?
Incident : Security Oversight MIN3124431112425
Investigation Status: Ongoing (Media Investigation by 5 INVESTIGATES; DCYF Claims Remediation Underway)
Incident : Data Breach FEI1768877970
Investigation Status: Completed
Incident : Data Breach MIN1768885020
Investigation Status: Ongoing
Incident : Data Breach MIN1768941399
Investigation Status: Completed (no evidence of data misuse found)
Incident : Data Breach FEIMIN1768948386
Investigation Status: Ongoing (DHS Office of Inspector General monitoring billing records for fraud)
Incident : Data Breach FEIMIN1768969952
Investigation Status: Ongoing (DHS Office of Inspector General monitoring for fraud)
Incident : Data Breach FEIMIN1769103080
Investigation Status: Ongoing (led by Minnesota DHS Office of Inspector General)
How does the company communicate the status of incident investigations to stakeholders ?
Communication of Investigation Status: The company communicates the status of incident investigations to stakeholders through Public Statements By Dcyf Commissioner Tikki Brown, Media Coverage Via 5 Investigates, Affected individuals notified via letter on January 16, 2024, Notification letter sent to affected individuals, Notifications issued to affected individuals, Notification to affected individuals, Notifications sent to affected individuals and Affected individuals notified via letters with guidance to monitor medical statements.
Stakeholder and Customer Advisories
Were there any advisories issued to stakeholders or customers for each incident ?
Incident : Security Oversight MIN3124431112425
Customer Advisories: Public Statements by DCYF Commissioner Addressing Concerns
Incident : Data Breach FEI1768877970
Customer Advisories: Affected individuals notified via letter on January 16, 2024
Incident : Data Breach MIN1768885020
Customer Advisories: Review healthcare statements and credit reports for suspicious activity.
Incident : Data Breach MIN1768941399
Customer Advisories: Notifications issued to affected individuals
Incident : Data Breach FEIMIN1768948386
Customer Advisories: Notification sent to affected individuals
Incident : Data Breach FEIMIN1768969952
Customer Advisories: Notifications sent to affected individuals
Incident : Data Breach FEIMIN1769103080
Customer Advisories: Letters sent to affected individuals with monitoring guidance
What advisories does the company provide to stakeholders and customers following an incident ?
Advisories Provided: The company provides the following advisories to stakeholders and customers following an incident: were Public Statements By Dcyf Commissioner Addressing Concerns, , Affected individuals notified via letter on January 16, 2024, Review healthcare statements and credit reports for suspicious activity., Notifications issued to affected individuals, Notification sent to affected individuals, Notifications sent to affected individuals and Letters sent to affected individuals with monitoring guidance.
Initial Access Broker
How did the initial access broker gain entry for each incident ?
Incident : Data Breach MIN21149222
Entry Point: Compromised Email Account
Incident : Security Oversight MIN3124431112425
High Value Targets: Snap Eligibility System Database,
Data Sold on Dark Web: Snap Eligibility System Database,
Post-Incident Analysis
What were the root causes and corrective actions taken for each incident ?
Incident : Data Breach MIN164122123
Root Causes: Human Error
Corrective Actions: Implemented New Procedures To Address The Error, Communicated Procedure Changes To Staff,
Incident : Security Oversight MIN3124431112425
Root Causes: Lack Of Resources In Dhs For Security Reviews, Failure To Comply With Federal Audit Requirements, Inadequate Oversight Of Critical Public Welfare Systems,
Corrective Actions: Security Plan Certification (March 2024) By Dcyf, Ongoing Certification Process For 2025, Media Engagement To Rebuild Public Trust,
Incident : Data Breach FEI1768877970
Root Causes: Excessive user permissions, delayed detection of unauthorized access
Corrective Actions: Additional technical safeguards implemented, stricter access controls
Incident : Data Breach MIN1768941399
Root Causes: Unauthorized access due to excessive permissions granted to a user affiliated with a healthcare provider
Incident : Data Breach FEIMIN1768948386
Root Causes: Excessive data access permissions granted to a third-party worker
Incident : Data Breach FEIMIN1768969952
Root Causes: Unauthorized access by an authorized user beyond their scope
What is the company's process for conducting post-incident analysis ?
Post-Incident Analysis Process: The company's process for conducting post-incident analysis is described as FEI Systems (Forensic Investigation), Active monitoring of billing records for fraudulent activity by the Office of Inspector General, FEI Systems, External Cybersecurity Firm, Monitoring by Minnesota Office of Inspector General for potential fraud, Forensic review commissioned by FEI Systems, FEI Systems (forensic analysis).
What corrective actions has the company taken based on post-incident analysis ?
Corrective Actions Taken: The company has taken the following corrective actions based on post-incident analysis: Implemented New Procedures To Address The Error, Communicated Procedure Changes To Staff, , Security Plan Certification (March 2024) By Dcyf, Ongoing Certification Process For 2025, Media Engagement To Rebuild Public Trust, , Additional technical safeguards implemented, stricter access controls.
Additional Questions
General Information
Who was the attacking group in the last incident ?
Last Attacking Group: The attacking group in the last incident were an Affiliated User (Licensed Healthcare Provider), Unauthorized User Affiliated with Healthcare Provider, Worker affiliated with a licensed healthcare provider, Healthcare worker affiliated with a licensed provider and Provider-associated user.
Incident Details
What was the most recent incident detected ?
Most Recent Incident Detected: The most recent incident detected was on 2023-11-15.
What was the most recent incident publicly disclosed ?
Most Recent Incident Publicly Disclosed: The most recent incident publicly disclosed was on 2024-01-16.
What was the most recent incident resolved ?
Most Recent Incident Resolved: The most recent incident resolved was on 2023-10-30.
Impact of the Incidents
What was the most significant data compromised in an incident ?
Most Significant Data Compromised: The most significant data compromised in an incident were Personal Information, , first and last names, addresses, DHS-generated billing account numbers, parental fee account activity, , Personal Information, Medicaid IDs, Last Four Digits of SSNs, Ethnicity, Birth Records, Physical Traits, Education, Income, Benefits, Personal information of 304,000 individuals, Demographic records, income data, educational backgrounds, names, phone numbers, dates of birth, addresses, Medicaid ID numbers, partial Social Security numbers, Demographic details, names, addresses, dates of birth, Medicaid IDs, partial Social Security numbers, ethnicity, race, financial eligibility details, and program-specific data, Names, addresses, dates of birth, Medicaid IDs, partial Social Security numbers, ethnicity, income, program eligibility and Personal and medical details used in eligibility determinations.
What was the most significant system affected in an incident ?
Most Significant System Affected: The most significant system affected in an incident was Email Servers and SNAP Eligibility Determination System and and and and and and .
Response to the Incidents
What third-party assistance was involved in the most recent incident ?
Third-Party Assistance in Most Recent Incident: The third-party assistance involved in the most recent incident was FEI Systems (Forensic Investigation), FEI Systems, External Cybersecurity Firm, Forensic review commissioned by FEI Systems, FEI Systems (forensic analysis).
What containment measures were taken in the most recent incident ?
Containment Measures in Most Recent Incident: The containment measures taken in the most recent incident were Secured Servers, Access revoked on October 30, 2023, Access revoked for the provider on October 30, 2025, Access revoked for the unauthorized provider on October 30, 2025 and Unauthorized user blocked.
Data Breach Information
What was the most sensitive data compromised in a breach ?
Most Sensitive Data Compromised: The most sensitive data compromised in a breach were Personal and medical details used in eligibility determinations, addresses, Names, addresses, dates of birth, Medicaid IDs, partial Social Security numbers, ethnicity, income, program eligibility, first and last names, Demographic records, income data, educational backgrounds, names, phone numbers, dates of birth, addresses, Medicaid ID numbers, partial Social Security numbers, Personal information of 304,000 individuals, Personal Information, parental fee account activity, DHS-generated billing account numbers, Personal Information, Medicaid IDs, Last Four Digits of SSNs, Ethnicity, Birth Records, Physical Traits, Education, Income, Benefits, Demographic details, names, addresses, dates of birth, Medicaid IDs, partial Social Security numbers, ethnicity, race, financial eligibility details and and program-specific data.
What was the number of records exposed in the most significant breach ?
Number of Records Exposed in Most Significant Breach: The number of records exposed in the most significant breach was 1.8M.
Lessons Learned and Recommendations
What was the most significant lesson learned from past incidents ?
Most Significant Lesson Learned: The most significant lesson learned from past incidents was Regular security reviews and resource allocation are critical to preventing vulnerabilities in systems handling sensitive public welfare data. Delays in compliance can erode public trust and increase risks of fraud or breaches., Vulnerabilities in systems handling sensitive health and social services data; need for stricter access controls and monitoring., Highlights vulnerabilities in systems handling sensitive health and demographic data, particularly regarding permission controls.
What was the most significant recommendation implemented to improve cybersecurity ?
Most Significant Recommendation Implemented: The most significant recommendation implemented to improve cybersecurity was Implement continuous monitoring and third-party audits to ensure compliance., Affected individuals were advised to review their healthcare statements and credit reports for suspicious activity., Implement additional technical safeguards, enhance monitoring of user permissions, and expedite breach notification processes., Enhance transparency with beneficiaries regarding data security measures., Prioritize and fund mandatory security reviews for systems handling sensitive data. and Allocate dedicated resources for cybersecurity within public welfare agencies..
References
What is the most recent source of information about an incident ?
Most Recent Source: The most recent source of information about an incident are Cyber Incident Description, 5 INVESTIGATES (KSTP), DHS Notification Letter, Minnesota DHS and Minnesota Department of Human Services.
What is the most recent URL for additional resources on cybersecurity best practices ?
Most Recent URL for Additional Resources: The most recent URL for additional resources on cybersecurity best practices is https://kstp.com/5-investigates/lack-of-security-reviews-left-minnesota-snap-system-vulnerable-to-breaches-fraud/ .
Investigation Status
What is the current status of the most recent investigation ?
Current Status of Most Recent Investigation: The current status of the most recent investigation is Ongoing (Media Investigation by 5 INVESTIGATES; DCYF Claims Remediation Underway).
Stakeholder and Customer Advisories
What was the most recent customer advisory issued ?
Most Recent Customer Advisory: The most recent customer advisory issued were an Public Statements by DCYF Commissioner Addressing Concerns, Affected individuals notified via letter on January 16, 2024, Review healthcare statements and credit reports for suspicious activity., Notifications issued to affected individuals, Notification sent to affected individuals, Notifications sent to affected individuals and Letters sent to affected individuals with monitoring guidance.
Initial Access Broker
What was the most recent entry point used by an initial access broker ?
Most Recent Entry Point: The most recent entry point used by an initial access broker was an Compromised Email Account.
Post-Incident Analysis
What was the most significant root cause identified in post-incident analysis ?
Most Significant Root Cause: The most significant root cause identified in post-incident analysis was Human Error, Lack of Resources in DHS for Security ReviewsFailure to Comply with Federal Audit RequirementsInadequate Oversight of Critical Public Welfare Systems, Excessive user permissions, delayed detection of unauthorized access, Unauthorized access due to excessive permissions granted to a user affiliated with a healthcare provider, Excessive data access permissions granted to a third-party worker, Unauthorized access by an authorized user beyond their scope.
What was the most significant corrective action taken based on post-incident analysis ?
Most Significant Corrective Action: The most significant corrective action taken based on post-incident analysis was Implemented new procedures to address the errorCommunicated procedure changes to staff, Security Plan Certification (March 2024) by DCYFOngoing Certification Process for 2025Media Engagement to Rebuild Public Trust, Additional technical safeguards implemented, stricter access controls.
.png)
Latest Global CVEs (Not Company-Specific)
Description
Typemill is a flat-file, Markdown-based CMS designed for informational documentation websites. A reflected Cross-Site Scripting (XSS) exists in the login error view template `login.twig` of versions 2.19.1 and below. The `username` value can be echoed back without proper contextual encoding when authentication fails. An attacker can execute script in the login page context. This issue has been fixed in version 2.19.2.
Risk Information
cvss3
Base: 5.4
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
Description
A DOM-based Cross-Site Scripting (XSS) vulnerability exists in the DomainCheckerApp class within domain/script.js of Sourcecodester Domain Availability Checker v1.0. The vulnerability occurs because the application improperly handles user-supplied data in the createResultElement method by using the unsafe innerHTML property to render domain search results.
Description
A Remote Code Execution (RCE) vulnerability exists in Sourcecodester Modern Image Gallery App v1.0 within the gallery/upload.php component. The application fails to properly validate uploaded file contents. Additionally, the application preserves the user-supplied file extension during the save process. This allows an unauthenticated attacker to upload arbitrary PHP code by spoofing the MIME type as an image, leading to full system compromise.
Description
A UNIX symbolic link following issue in the jailer component in Firecracker version v1.13.1 and earlier and 1.14.0 on Linux may allow a local host user with write access to the pre-created jailer directories to overwrite arbitrary host files via a symlink attack during the initialization copy at jailer startup, if the jailer is executed with root privileges. To mitigate this issue, users should upgrade to version v1.13.2 or 1.14.1 or above.
Risk Information
cvss3
Base: 6.0
Severity: LOW
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H
cvss4
Base: 6.0
Severity: LOW
CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:N/SC:N/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
References
Description
An information disclosure vulnerability exists in the /srvs/membersrv/getCashiers endpoint of the Aptsys gemscms backend platform thru 2025-05-28. This unauthenticated endpoint returns a list of cashier accounts, including names, email addresses, usernames, and passwords hashed using MD5. As MD5 is a broken cryptographic function, the hashes can be easily reversed using public tools, exposing user credentials in plaintext. This allows remote attackers to perform unauthorized logins and potentially gain access to sensitive POS operations or backend functions.
Access Data Using Our API
Get company history
curl -i -X GET 'https://api.rankiteo.com/underwriter-getcompany-history?linkedin_id=minnesota-department-of-human-services' -H 'apikey: YOUR_API_KEY_HERE'
RapidWhat Do We Measure ?
Incident
Finding
Grade
Digital Assets
Every week, Rankiteo analyzes billions of signals to give organizations a sharper, faster view of emerging risks. With deeper, more actionable intelligence at their fingertips, security teams can outpace threat actors, respond instantly to Zero-Day attacks, and dramatically shrink their risk exposure window.
These are some of the factors we use to calculate the overall score:
Network Security
Identify exposed access points, detect misconfigured SSL certificates, and uncover vulnerabilities across the network infrastructure.
SBOM (Software Bill of Materials)
Gain visibility into the software components used within an organization to detect vulnerabilities, manage risk, and ensure supply chain security.
CMDB (Configuration Management Database)
Monitor and manage all IT assets and their configurations to ensure accurate, real-time visibility across the company's technology environment.
Threat Intelligence
Leverage real-time insights on active threats, malware campaigns, and emerging vulnerabilities to proactively defend against evolving cyberattacks.
Rankiteo is a unified scoring and risk platform that analyzes billions of signals weekly to help organizations gain faster, more actionable insights into emerging threats. Empowering teams to outpace adversaries and reduce exposure.
