MJB
Company Details
Linkedin ID:
minnesota-judicial-branch
Website:
Employees number:
1,075
Number of followers:
7,998
NAICS:
92211
Industry Type:
Homepage:
mncourts.gov
IP Addresses:
0
Company ID:
MIN_8528714
Scan Status:
In-progress
Minnesota Judicial Branch Company CyberSecurity Posture
mncourts.gov
The Minnesota Judicial Branch is made up of 10 judicial districts with 293 district court judgeships, 19 Court of Appeals judges, and 7 Supreme Court justices. The Judicial Branch is governed by the Judicial Council, which is chaired by Natalie E. Hudson, Chief Justice of the Minnesota Supreme Court. The Minnesota Judicial Branch is mandated by the Minnesota Constitution to resolve disputes promptly and without delay. https://bit.ly/m/MNCourts
Minnesota Judicial Branch A.I CyberSecurity Scoring
MJB Risk Score (AI oriented)Between 750 and 799
MJB
Updated:
- Powered by our proprietary A.I cyber incident model
- Insurance preferes TPRM score to calculate premium
MJB Global Score (TPRM)XXXX
MJB
- Instant access to detailed risk factors
- Benchmark vs. industry & size peers
- Vulnerabilities
- Findings
MJB Company CyberSecurity News & History
Past Incidents
6
Attack Types
3
Metropolitan Council
Breach
Rankiteo Explanation
Attack with significant impact with customers data leaks
Description: The Maine Office of the Attorney General reported a data breach involving the Metropolitan Council on December 6, 2024. The breach occurred between March 27, 2024, and May 27, 2024, affecting 16,935 individuals, including 14 residents of Maine. The compromised information potentially included names, addresses, phone numbers, and social security numbers. The organization is offering 12 months of credit monitoring through IDX.
Minnesota Department of Human Services
Breach
Rankiteo Explanation
Attack with significant impact with customers data leaks
Description: Minnesota Department of Human Services suffered a data breach through an employee’s e-mail account. The attack exposed the personal information of about 11,000 people. The hackers were immediately detected and the servers were secured.
Minnesota Department of Human Services
Data Leak
Rankiteo Explanation
Attack with significant impact with customers data leaks
Description: Minnesota Department of Human Services (DHS) suffered a data breach incident after a DHS employee accidentally emailed the parent billing statements of 4,307 individuals involved in the program. The billing statements included first and last names, addresses, DHS-generated billing account numbers, and parental fee account activity. DHS implemented new procedures to address the error that led to the incident, and communicated these procedure changes to staff.
Minnesota Department of Human Services (DHS)
Vulnerability
Rankiteo Explanation
Attack with significant impact with customers data leaks
Description: The Minnesota Department of Human Services (DHS) failed to conduct mandatory security reviews of its Supplemental Nutrition Assistance Program (SNAP) computer system in **2020 and 2023**, as revealed by federal audits. This system stores highly sensitive personal data of over **440,000 SNAP beneficiaries**, including private financial and identification details. The omission of these reviews was attributed to **resource constraints**, leaving the system vulnerable to **un detected security gaps, breaches, or fraud risks**. While the agency claimed compliance in **March 2024** under the new oversight of the Department of Children, Youth and Families (DCYF), beneficiaries expressed deep concerns over **data privacy and trust erosion** in public assistance programs. The exposed vulnerabilities could enable unauthorized access to confidential records, potentially leading to **identity theft, financial fraud, or misuse of personal information**. The audits explicitly warned that such negligence **heightens the likelihood of a breach**, though no confirmed incident was reported. The failure underscores systemic weaknesses in safeguarding critical welfare infrastructure, risking long-term reputational and operational damage.
University of Minnesota
Breach
Rankiteo Explanation
Attack with significant impact with customers data leaks
Description: In August 2021, the University of Minnesota experienced a data breach involving its **Legacy Data Warehouse**, where unauthorized third parties accessed or acquired personal information of individuals associated with the university from **1989 to August 2021**. The compromised data included records of **prospective students, current/former students, employees, and program participants**, potentially exposing their sensitive details on the dark web. The breach led to a **$5 million class-action settlement**, with affected individuals eligible for a **$30 cash payout and 24 months of dark web monitoring**. The university denied negligence but settled to avoid prolonged litigation. The incident highlighted failures in safeguarding long-term stored data, impacting **decades’ worth of personal records** and prompting legal repercussions. The settlement fund covers administrative costs, attorney fees (up to **$1.67M**), service awards, and claimant payouts, with distributions expected **105 days post-final court approval (January 2026)**. The breach underscored vulnerabilities in legacy systems and the far-reaching consequences of historical data exposure.
University of Minnesota
Breach
Rankiteo Explanation
Attack threatening the organization’s existence
Description: The University of Minnesota confirms that it has contacted law enforcement and is investigating a claimed data breach that officials became aware on July 2021. According to the statement, the "U" hired outside forensics specialists from around the world to investigate reports of a breach and make sure the University's computer systems were safe. The University of Minnesota will provide options to help prevent the exploitation of personal information as well as alert anyone who has been impacted by the alleged breach.
MJB Company Scoring based on AI Models
Cyber Incidents Likelihood 3 - 6 - 9 months
A.I Risk Score Likelihood 3 - 6 - 9 months
Underwriter Stats for MJB
Incidents vs Administration of Justice Industry Average (This Year)
No incidents recorded for Minnesota Judicial Branch in 2025.
Incidents vs All-Companies Average (This Year)
No incidents recorded for Minnesota Judicial Branch in 2025.
Incident Types MJB vs Administration of Justice Industry Avg (This Year)
No incidents recorded for Minnesota Judicial Branch in 2025.
Incident History — MJB (X = Date, Y = Severity)
MJB cyber incidents detection timeline including parent company and subsidiaries
MJB Company Subsidiaries
The Minnesota Judicial Branch is made up of 10 judicial districts with 293 district court judgeships, 19 Court of Appeals judges, and 7 Supreme Court justices. The Judicial Branch is governed by the Judicial Council, which is chaired by Natalie E. Hudson, Chief Justice of the Minnesota Supreme Court. The Minnesota Judicial Branch is mandated by the Minnesota Constitution to resolve disputes promptly and without delay. https://bit.ly/m/MNCourts
Loading...
MJB Similar Companies
United States Department of War
The mission of the Department of War is to provide military forces necessary to protect the security of our country. The U.S. military defends the homeland, deters adversaries, and builds security around the world by projecting U.S. influence and working with allies and partners. In case deterrence
Marine Corps Recruiting
This is the Official LinkedIn Page of Marine Corps Recruiting. We make Marines. We win our nation's battles. We develop quality citizens. These are the promises the Marine Corps makes to our nation and to our Marines. The core values that guide us, and the leadership skills that enable us, not on
Ministerie van Defensie
Het Ministerie van Defensie bestaat uit de Koninklijke Marine, de Koninklijke Landmacht, de Koninklijke Luchtmacht, de Koninklijke Marechaussee, het Commando DienstenCentra en de Defensie Materieel Organisatie. Aan het hoofd van de Bestuursstaf (het departement) staat de minister van Defensie. We
U.S. Coast Guard
The mission of the U.S. Coast Guard is to protect the public, the environment, and U.S. economic interests — along the coast and our coastal borders, in the nation's ports and waterways, in international waters, or in any maritime region as required to support national security. As one of the six b
US Army Corps of Engineers
U.S. Army Corps of Engineers Mission: Provide vital public engineering services in peace and war to strengthen our Nation’s security, energize the economy, and reduce risks from disasters. Privacy Policy/Social Media Guidelines: https://www.usace.army.mil/SocialMedia/ U.S. Army Corps of Engineers
U.S. Air Force Reserve
The Air Force Reserve is an integral component of our Nation's air defense and military support network. Reservists bring knowledge, skills and expertise from their civilian experiences to support critical missions and training around the globe, while working alongside their Active Duty Air Force me
.png)
MJB CyberSecurity News
November 18, 2025 02:19 PM
AI-generated evidence showing up in court alarms judges
AI's growing abilities to create realistic videos, images, documents and audio have judges worried about the trustworthiness of evidence in...
September 16, 2025 07:00 AM
Experts assess threats to federal online dockets
The federal judiciary is strengthening security after cyberattacks exposed vulnerabilities in PACER and CM/ECF, raising concerns over...
August 15, 2025 07:00 AM
Sweeping Security Breach Hits a Federal Court Filing System, Exposing Sensitive Non-Public Case Files
A U.S. federal court filing system has experienced a security breach after suspected nation-state actors potentially accessed highly...
August 13, 2025 07:00 AM
Federal Judiciary Breach Highlights Poor Cybersecurity
A breach of the U.S. national court filing system intensified concerns over the federal judiciary's cybersecurity, with critics urging...
August 12, 2025 07:00 AM
Russia Is Suspected to Be Behind Breach of Federal Court Filing System
Federal officials are scrambling to assess the damage and address flaws in a sprawling, heavily used computer system long known to have...
August 12, 2025 07:00 AM
Russia reportedly implicated in hack on US federal courts' databases
Databases used by US federal courts for sharing and managing case documents have been hacked, according to reports from Politco and The New...
August 06, 2025 07:00 AM
Federal court filing system hit in sweeping hack
The identities of confidential court informants are feared compromised in a series of breaches across multiple U.S. states.
June 08, 2025 07:00 AM
Business People: Jennifer Lauerman to head up Canterbury Park marketing
GAMING Canterbury Park Racetrack and Casino, Shakopee, announced that Jennifer Lauerman has been named vice president of marketing and...
January 30, 2025 07:39 PM
Cybersecurity 2024 Legislation
The risk of cyberattacks remains high for government and businesses. The extensive use of digital tools such as social media and artificial intelligence adds...
Frequently Asked Questions
Explore insights on cybersecurity incidents, risk posture, and Rankiteo's assessments.
MJB CyberSecurity History Information
Official Website of Minnesota Judicial Branch
The official website of Minnesota Judicial Branch is http://www.mncourts.gov.
Minnesota Judicial Branch’s AI-Generated Cybersecurity Score
According to Rankiteo, Minnesota Judicial Branch’s AI-generated cybersecurity score is 764, reflecting their Fair security posture.
How many security badges does Minnesota Judicial Branch’ have ?
According to Rankiteo, Minnesota Judicial Branch currently holds 0 security badges, indicating that no recognized compliance certifications are currently verified for the organization.
Does Minnesota Judicial Branch have SOC 2 Type 1 certification ?
According to Rankiteo, Minnesota Judicial Branch is not certified under SOC 2 Type 1.
Does Minnesota Judicial Branch have SOC 2 Type 2 certification ?
According to Rankiteo, Minnesota Judicial Branch does not hold a SOC 2 Type 2 certification.
Does Minnesota Judicial Branch comply with GDPR ?
According to Rankiteo, Minnesota Judicial Branch is not listed as GDPR compliant.
Does Minnesota Judicial Branch have PCI DSS certification ?
According to Rankiteo, Minnesota Judicial Branch does not currently maintain PCI DSS compliance.
Does Minnesota Judicial Branch comply with HIPAA ?
According to Rankiteo, Minnesota Judicial Branch is not compliant with HIPAA regulations.
Does Minnesota Judicial Branch have ISO 27001 certification ?
According to Rankiteo,Minnesota Judicial Branch is not certified under ISO 27001, indicating the absence of a formally recognized information security management framework.
Industry Classification of Minnesota Judicial Branch
Minnesota Judicial Branch operates primarily in the Administration of Justice industry.
Number of Employees at Minnesota Judicial Branch
Minnesota Judicial Branch employs approximately 1,075 people worldwide.
Subsidiaries Owned by Minnesota Judicial Branch
Minnesota Judicial Branch presently has no subsidiaries across any sectors.
Minnesota Judicial Branch’s LinkedIn Followers
Minnesota Judicial Branch’s official LinkedIn profile has approximately 7,998 followers.
NAICS Classification of Minnesota Judicial Branch
Minnesota Judicial Branch is classified under the NAICS code 92211, which corresponds to Courts.
Minnesota Judicial Branch’s Presence on Crunchbase
No, Minnesota Judicial Branch does not have a profile on Crunchbase.
Minnesota Judicial Branch’s Presence on LinkedIn
Yes, Minnesota Judicial Branch maintains an official LinkedIn profile, which is actively utilized for branding and talent engagement, which can be accessed here: https://www.linkedin.com/company/minnesota-judicial-branch.
Cybersecurity Incidents Involving Minnesota Judicial Branch
As of December 08, 2025, Rankiteo reports that Minnesota Judicial Branch has experienced 6 cybersecurity incidents.
Number of Peer and Competitor Companies
Minnesota Judicial Branch has an estimated 330 peer or competitor companies worldwide.
What types of cybersecurity incidents have occurred at Minnesota Judicial Branch ?
Incident Types: The types of cybersecurity incidents that have occurred include Vulnerability, Data Leak and Breach.
What was the total financial impact of these incidents on Minnesota Judicial Branch ?
Total Financial Loss: The total financial loss from these incidents is estimated to be $5 million.
How does Minnesota Judicial Branch detect and respond to cybersecurity incidents ?
Detection and Response: The company detects and responds to cybersecurity incidents through an containment measures with secured servers, and remediation measures with implemented new procedures to address the error, remediation measures with communicated procedure changes to staff, and third party assistance with outside forensics specialists, and and communication strategy with providing options to prevent exploitation of personal information and alerting impacted individuals, and third party assistance with kroll settlement administration llc (settlement administration), and recovery measures with $5 million settlement fund for affected individuals, and communication strategy with direct notices sent to affected individuals in september 2023, communication strategy with public settlement claim process, and remediation measures with security plan review and certification (march 2024), remediation measures with ongoing certification process for 2025, and communication strategy with public statements by dcyf commissioner tikki brown, communication strategy with media coverage via 5 investigates..
Incident Details
Can you provide details on each incident ?
Title: Minnesota Department of Human Services Data Breach
Description: Minnesota Department of Human Services suffered a data breach through an employee’s e-mail account. The attack exposed the personal information of about 11,000 people. The hackers were immediately detected and the servers were secured.
Type: Data Breach
Attack Vector: Email Compromise
Vulnerability Exploited: Compromised Email Account
Title: Minnesota DHS Data Breach
Description: Minnesota Department of Human Services (DHS) suffered a data breach incident after a DHS employee accidentally emailed the parent billing statements of 4,307 individuals involved in the program. The billing statements included first and last names, addresses, DHS-generated billing account numbers, and parental fee account activity.
Type: Data Breach
Attack Vector: Human Error
Vulnerability Exploited: Human Error
Title: University of Minnesota Data Breach
Description: The University of Minnesota confirms that it has contacted law enforcement and is investigating a claimed data breach that officials became aware on July 2021. According to the statement, the 'U' hired outside forensics specialists from around the world to investigate reports of a breach and make sure the University's computer systems were safe. The University of Minnesota will provide options to help prevent the exploitation of personal information as well as alert anyone who has been impacted by the alleged breach.
Date Detected: July 2021
Type: Data Breach
Title: Data Breach at Metropolitan Council
Description: The Maine Office of the Attorney General reported a data breach involving the Metropolitan Council on December 6, 2024. The breach occurred between March 27, 2024, and May 27, 2024, affecting 16,935 individuals, including 14 residents of Maine. The compromised information potentially included names, addresses, phone numbers, and social security numbers, and the organization is offering 12 months of credit monitoring through IDX.
Date Detected: 2024-12-06
Date Publicly Disclosed: 2024-12-06
Type: Data Breach
Title: University of Minnesota Legacy Data Warehouse Data Breach (August 2021)
Description: Unauthorized third parties accessed or obtained personal data from the University of Minnesota’s Legacy Data Warehouse in August 2021, potentially affecting students, employees, and program participants from 1989 through August 2021. The breach led to a $5 million class action settlement, offering affected individuals a $30 cash payment and 24 months of dark web monitoring. Personal data may have been posted on the dark web.
Date Detected: 2021-08-10
Date Publicly Disclosed: 2023-09
Type: Data Breach
Threat Actor: Unauthorized third parties
Title: Lack of Security Reviews Left Minnesota SNAP System Vulnerable to Breaches and Fraud
Description: The Minnesota Department of Human Services (DHS) failed to perform required security reviews of the computer system critical to the Supplemental Nutrition Assistance Program (SNAP) in 2020 and 2023. This oversight, attributed to a lack of resources, left the system—containing personal data of over 440,000 Minnesotans—vulnerable to potential breaches or fraud. The system determines eligibility for SNAP benefits and holds sensitive personal information. Audits warned that undetected security gaps could increase risks. The issue was addressed in 2024 by the newly formed Department of Children, Youth and Families (DCYF), which certified its security plan in March 2024 and is preparing for 2025 certification. Public trust in the program has been impacted, with beneficiaries expressing concerns over the security of their sensitive data.
Date Publicly Disclosed: 2024-09-16
Type: Security Oversight
Vulnerability Exploited: Lack of Security ReviewsUnpatched Security GapsResource Constraints in DHS
What are the most common types of attacks the company has faced ?
Common Attack Types: The most common types of attacks the company has faced is Breach.
How does the company identify the attack vectors used in incidents ?
Identification of Attack Vectors: The company identifies the attack vectors used in incidents through Compromised Email Account and Legacy Data Warehouse.
Impact of the Incidents
What was the impact of each incident ?
Incident : Data Breach MIN21149222
Data Compromised: Personal information
Systems Affected: Email Servers
Incident : Data Breach MIN164122123
Data Compromised: First and last names, Addresses, Dhs-generated billing account numbers, Parental fee account activity
Incident : Data Breach MET935072725
Data Compromised: Names, Addresses, Phone numbers, Social security numbers
Incident : Data Breach UNI5693656101625
Financial Loss: $5,000,000 (settlement fund)
Systems Affected: Legacy Data Warehouse
Brand Reputation Impact: Negative (class action lawsuit and public disclosure)
Legal Liabilities: $5,000,000 settlement, attorneys' fees up to $1,666,666.67
Identity Theft Risk: High (personal data exposed, dark web monitoring offered)
Incident : Security Oversight MIN3124431112425
Systems Affected: SNAP Eligibility Determination System
Operational Impact: Increased Risk of BreachesPotential FraudErosion of Public Trust
Customer Complaints: ['Concerns from SNAP Beneficiaries Over Data Security']
Brand Reputation Impact: Loss of Trust in Public Assistance Programs
Identity Theft Risk: ['Potential Risk Due to Unsecured Personal Data']
What is the average financial loss per incident ?
Average Financial Loss: The average financial loss per incident is $833.33 thousand.
What types of data are most commonly compromised in incidents ?
Commonly Compromised Data Types: The types of data most commonly compromised in incidents are Personal Information, Personal Information, Account Information, , Names, Addresses, Phone Numbers, Social Security Numbers, , Personal Information and .
Which entities were affected by each incident ?
Incident : Data Breach MIN21149222
Entity Name: Minnesota Department of Human Services
Entity Type: Government Agency
Industry: Public Administration
Location: Minnesota, USA
Customers Affected: 11000
Incident : Data Breach MIN164122123
Entity Name: Minnesota Department of Human Services
Entity Type: Government Agency
Industry: Public Sector
Location: Minnesota, USA
Customers Affected: 4307
Incident : Data Breach UNI84623823
Entity Name: University of Minnesota
Entity Type: Educational Institution
Industry: Education
Location: Minnesota, USA
Incident : Data Breach MET935072725
Entity Name: Metropolitan Council
Entity Type: Government
Industry: Public Administration
Customers Affected: 16935
Incident : Data Breach UNI5693656101625
Entity Name: Regents of the University of Minnesota
Entity Type: Educational Institution
Industry: Higher Education
Location: Minnesota, USA
Customers Affected: Students, employees, and program participants from 1989 to August 2021
Incident : Security Oversight MIN3124431112425
Entity Name: Minnesota Department of Human Services (DHS)
Entity Type: Government Agency
Industry: Public Welfare
Location: Minnesota, USA
Customers Affected: 440,000+ (SNAP Beneficiaries)
Incident : Security Oversight MIN3124431112425
Entity Name: Minnesota Department of Children, Youth and Families (DCYF)
Entity Type: Government Agency
Industry: Public Welfare
Location: Minnesota, USA
Customers Affected: 440,000+ (SNAP Beneficiaries)
Response to the Incidents
What measures were taken in response to each incident ?
Incident : Data Breach MIN21149222
Containment Measures: Secured Servers
Incident : Data Breach MIN164122123
Remediation Measures: Implemented new procedures to address the errorCommunicated procedure changes to staff
Incident : Data Breach UNI84623823
Third Party Assistance: Outside Forensics Specialists.
Communication Strategy: Providing options to prevent exploitation of personal information and alerting impacted individuals
Incident : Data Breach UNI5693656101625
Third Party Assistance: Kroll Settlement Administration Llc (Settlement Administration).
Recovery Measures: $5 million settlement fund for affected individuals
Communication Strategy: Direct notices sent to affected individuals in September 2023Public settlement claim process
Incident : Security Oversight MIN3124431112425
Remediation Measures: Security Plan Review and Certification (March 2024)Ongoing Certification Process for 2025
Communication Strategy: Public Statements by DCYF Commissioner Tikki BrownMedia Coverage via 5 INVESTIGATES
How does the company involve third-party assistance in incident response ?
Third-Party Assistance: The company involves third-party assistance in incident response through Outside forensics specialists, , Kroll Settlement Administration LLC (settlement administration), .
Data Breach Information
What type of data was compromised in each breach ?
Incident : Data Breach MIN21149222
Type of Data Compromised: Personal Information
Number of Records Exposed: 11000
Incident : Data Breach MIN164122123
Type of Data Compromised: Personal information, Account information
Number of Records Exposed: 4307
Sensitivity of Data: Medium
Personally Identifiable Information: first and last namesaddresses
Incident : Data Breach MET935072725
Type of Data Compromised: Names, Addresses, Phone numbers, Social security numbers
Number of Records Exposed: 16935
Sensitivity of Data: High
Incident : Data Breach UNI5693656101625
Type of Data Compromised: Personal information
Sensitivity of Data: High (includes personally identifiable information)
Incident : Security Oversight MIN3124431112425
Sensitivity of Data: Personal Data of SNAP Beneficiaries (High)
Personally Identifiable Information: Potential Exposure (Names, Addresses, Financial Data, etc.)
What measures does the company take to prevent data exfiltration ?
Prevention of Data Exfiltration: The company takes the following measures to prevent data exfiltration: Implemented new procedures to address the error, Communicated procedure changes to staff, , Security Plan Review and Certification (March 2024), Ongoing Certification Process for 2025, .
How does the company handle incidents involving personally identifiable information (PII) ?
Handling of PII Incidents: The company handles incidents involving personally identifiable information (PII) through by secured servers and .
Ransomware Information
Was ransomware involved in any of the incidents ?
Incident : Data Breach UNI5693656101625
Data Exfiltration: True
How does the company recover data encrypted by ransomware ?
Data Recovery from Ransomware: The company recovers data encrypted by ransomware through $5 million settlement fund for affected individuals, .
Regulatory Compliance
Were there any regulatory violations and fines imposed for each incident ?
Incident : Data Breach UNI5693656101625
Legal Actions: Class action lawsuit settled for $5 million,
Incident : Security Oversight MIN3124431112425
Regulations Violated: Federal Single Audit Requirements for Information System Security Reviews,
How does the company ensure compliance with regulatory requirements ?
Ensuring Regulatory Compliance: The company ensures compliance with regulatory requirements through Class action lawsuit settled for $5 million, .
Lessons Learned and Recommendations
What lessons were learned from each incident ?
Incident : Security Oversight MIN3124431112425
Lessons Learned: Regular security reviews and resource allocation are critical to preventing vulnerabilities in systems handling sensitive public welfare data. Delays in compliance can erode public trust and increase risks of fraud or breaches.
What recommendations were made to prevent future incidents ?
Incident : Security Oversight MIN3124431112425
Recommendations: Prioritize and fund mandatory security reviews for systems handling sensitive data., Implement continuous monitoring and third-party audits to ensure compliance., Enhance transparency with beneficiaries regarding data security measures., Allocate dedicated resources for cybersecurity within public welfare agencies.Prioritize and fund mandatory security reviews for systems handling sensitive data., Implement continuous monitoring and third-party audits to ensure compliance., Enhance transparency with beneficiaries regarding data security measures., Allocate dedicated resources for cybersecurity within public welfare agencies.Prioritize and fund mandatory security reviews for systems handling sensitive data., Implement continuous monitoring and third-party audits to ensure compliance., Enhance transparency with beneficiaries regarding data security measures., Allocate dedicated resources for cybersecurity within public welfare agencies.Prioritize and fund mandatory security reviews for systems handling sensitive data., Implement continuous monitoring and third-party audits to ensure compliance., Enhance transparency with beneficiaries regarding data security measures., Allocate dedicated resources for cybersecurity within public welfare agencies.
What are the key lessons learned from past incidents ?
Key Lessons Learned: The key lessons learned from past incidents are Regular security reviews and resource allocation are critical to preventing vulnerabilities in systems handling sensitive public welfare data. Delays in compliance can erode public trust and increase risks of fraud or breaches.
References
Where can I find more information about each incident ?
Incident : Data Breach UNI84623823
Source: University of Minnesota
Incident : Data Breach MET935072725
Source: Maine Office of the Attorney General
Date Accessed: 2024-12-06
Incident : Data Breach UNI5693656101625
Source: Class Action Settlement Notice
Incident : Data Breach UNI5693656101625
Source: Kroll Settlement Administration LLC
Incident : Security Oversight MIN3124431112425
Source: 5 INVESTIGATES (KSTP)
Date Accessed: 2024-09-16
Where can stakeholders find additional resources on cybersecurity best practices ?
Additional Resources: Stakeholders can find additional resources on cybersecurity best practices at and Source: University of Minnesota, and Source: Maine Office of the Attorney GeneralDate Accessed: 2024-12-06, and Source: Class Action Settlement Notice, and Source: Kroll Settlement Administration LLC, and Source: 5 INVESTIGATES (KSTP)Url: https://kstp.com/5-investigates/lack-of-security-reviews-left-minnesota-snap-system-vulnerable-to-breaches-fraud/Date Accessed: 2024-09-16.
Investigation Status
What is the current status of the investigation for each incident ?
Incident : Data Breach UNI84623823
Investigation Status: Ongoing
Incident : Data Breach UNI5693656101625
Investigation Status: Settled (class action lawsuit resolved)
Incident : Security Oversight MIN3124431112425
Investigation Status: Ongoing (Media Investigation by 5 INVESTIGATES; DCYF Claims Remediation Underway)
How does the company communicate the status of incident investigations to stakeholders ?
Communication of Investigation Status: The company communicates the status of incident investigations to stakeholders through Providing options to prevent exploitation of personal information and alerting impacted individuals, Direct Notices Sent To Affected Individuals In September 2023, Public Settlement Claim Process, Public Statements By Dcyf Commissioner Tikki Brown and Media Coverage Via 5 Investigates.
Stakeholder and Customer Advisories
Were there any advisories issued to stakeholders or customers for each incident ?
Incident : Data Breach UNI5693656101625
Stakeholder Advisories: Direct Notices To Affected Individuals (September 2023), Public Settlement Claim Process.
Customer Advisories: $30 cash payment and 24 months of dark web monitoring offered to affected individuals
Incident : Security Oversight MIN3124431112425
Customer Advisories: Public Statements by DCYF Commissioner Addressing Concerns
What advisories does the company provide to stakeholders and customers following an incident ?
Advisories Provided: The company provides the following advisories to stakeholders and customers following an incident: were Direct Notices To Affected Individuals (September 2023), Public Settlement Claim Process, $30 Cash Payment And 24 Months Of Dark Web Monitoring Offered To Affected Individuals, , Public Statements By Dcyf Commissioner Addressing Concerns and .
Initial Access Broker
How did the initial access broker gain entry for each incident ?
Incident : Data Breach MIN21149222
Entry Point: Compromised Email Account
Incident : Data Breach UNI5693656101625
Entry Point: Legacy Data Warehouse,
High Value Targets: Personal Data Of Students, Employees, And Program Participants (1989–2021),
Data Sold on Dark Web: Personal Data Of Students, Employees, And Program Participants (1989–2021),
Incident : Security Oversight MIN3124431112425
High Value Targets: Snap Eligibility System Database,
Data Sold on Dark Web: Snap Eligibility System Database,
Post-Incident Analysis
What were the root causes and corrective actions taken for each incident ?
Incident : Data Breach MIN164122123
Root Causes: Human Error
Corrective Actions: Implemented New Procedures To Address The Error, Communicated Procedure Changes To Staff,
Incident : Data Breach UNI5693656101625
Root Causes: Failure To Adequately Protect Personal Information In Legacy Data Warehouse,
Corrective Actions: $5 Million Settlement Fund, Dark Web Monitoring For Affected Individuals,
Incident : Security Oversight MIN3124431112425
Root Causes: Lack Of Resources In Dhs For Security Reviews, Failure To Comply With Federal Audit Requirements, Inadequate Oversight Of Critical Public Welfare Systems,
Corrective Actions: Security Plan Certification (March 2024) By Dcyf, Ongoing Certification Process For 2025, Media Engagement To Rebuild Public Trust,
What is the company's process for conducting post-incident analysis ?
Post-Incident Analysis Process: The company's process for conducting post-incident analysis is described as Outside Forensics Specialists, , Kroll Settlement Administration Llc (Settlement Administration), .
What corrective actions has the company taken based on post-incident analysis ?
Corrective Actions Taken: The company has taken the following corrective actions based on post-incident analysis: Implemented New Procedures To Address The Error, Communicated Procedure Changes To Staff, , $5 Million Settlement Fund, Dark Web Monitoring For Affected Individuals, , Security Plan Certification (March 2024) By Dcyf, Ongoing Certification Process For 2025, Media Engagement To Rebuild Public Trust, .
Additional Questions
General Information
Who was the attacking group in the last incident ?
Last Attacking Group: The attacking group in the last incident was an Unauthorized third parties.
Incident Details
What was the most recent incident detected ?
Most Recent Incident Detected: The most recent incident detected was on July 2021.
What was the most recent incident publicly disclosed ?
Most Recent Incident Publicly Disclosed: The most recent incident publicly disclosed was on 2024-09-16.
Impact of the Incidents
What was the highest financial loss from an incident ?
Highest Financial Loss: The highest financial loss from an incident was $5,000,000 (settlement fund).
What was the most significant data compromised in an incident ?
Most Significant Data Compromised: The most significant data compromised in an incident were Personal Information, , first and last names, addresses, DHS-generated billing account numbers, parental fee account activity, , names, addresses, phone numbers, social security numbers, and .
What was the most significant system affected in an incident ?
Most Significant System Affected: The most significant system affected in an incident was Email Servers and Legacy Data Warehouse and SNAP Eligibility Determination System.
Response to the Incidents
What third-party assistance was involved in the most recent incident ?
Third-Party Assistance in Most Recent Incident: The third-party assistance involved in the most recent incident was outside forensics specialists, , kroll settlement administration llc (settlement administration), .
What containment measures were taken in the most recent incident ?
Containment Measures in Most Recent Incident: The containment measures taken in the most recent incident was Secured Servers.
Data Breach Information
What was the most sensitive data compromised in a breach ?
Most Sensitive Data Compromised: The most sensitive data compromised in a breach were social security numbers, first and last names, names, parental fee account activity, Personal Information, addresses, DHS-generated billing account numbers and phone numbers.
What was the number of records exposed in the most significant breach ?
Number of Records Exposed in Most Significant Breach: The number of records exposed in the most significant breach was 751.0.
Regulatory Compliance
What was the most significant legal action taken for a regulatory violation ?
Most Significant Legal Action: The most significant legal action taken for a regulatory violation was Class action lawsuit settled for $5 million, .
Lessons Learned and Recommendations
What was the most significant lesson learned from past incidents ?
Most Significant Lesson Learned: The most significant lesson learned from past incidents was Regular security reviews and resource allocation are critical to preventing vulnerabilities in systems handling sensitive public welfare data. Delays in compliance can erode public trust and increase risks of fraud or breaches.
What was the most significant recommendation implemented to improve cybersecurity ?
Most Significant Recommendation Implemented: The most significant recommendation implemented to improve cybersecurity was Allocate dedicated resources for cybersecurity within public welfare agencies., Enhance transparency with beneficiaries regarding data security measures., Prioritize and fund mandatory security reviews for systems handling sensitive data. and Implement continuous monitoring and third-party audits to ensure compliance..
References
What is the most recent source of information about an incident ?
Most Recent Source: The most recent source of information about an incident are University of Minnesota, 5 INVESTIGATES (KSTP), Maine Office of the Attorney General, Class Action Settlement Notice and Kroll Settlement Administration LLC.
What is the most recent URL for additional resources on cybersecurity best practices ?
Most Recent URL for Additional Resources: The most recent URL for additional resources on cybersecurity best practices is https://kstp.com/5-investigates/lack-of-security-reviews-left-minnesota-snap-system-vulnerable-to-breaches-fraud/ .
Investigation Status
What is the current status of the most recent investigation ?
Current Status of Most Recent Investigation: The current status of the most recent investigation is Ongoing.
Stakeholder and Customer Advisories
What was the most recent stakeholder advisory issued ?
Most Recent Stakeholder Advisory: The most recent stakeholder advisory issued was Direct notices to affected individuals (September 2023), Public settlement claim process, .
What was the most recent customer advisory issued ?
Most Recent Customer Advisory: The most recent customer advisory issued were an $30 cash payment and 24 months of dark web monitoring offered to affected individuals and Public Statements by DCYF Commissioner Addressing Concerns.
Initial Access Broker
What was the most recent entry point used by an initial access broker ?
Most Recent Entry Point: The most recent entry point used by an initial access broker was an Compromised Email Account.
Post-Incident Analysis
What was the most significant root cause identified in post-incident analysis ?
Most Significant Root Cause: The most significant root cause identified in post-incident analysis was Human Error, Failure to adequately protect personal information in Legacy Data Warehouse, Lack of Resources in DHS for Security ReviewsFailure to Comply with Federal Audit RequirementsInadequate Oversight of Critical Public Welfare Systems.
What was the most significant corrective action taken based on post-incident analysis ?
Most Significant Corrective Action: The most significant corrective action taken based on post-incident analysis was Implemented new procedures to address the errorCommunicated procedure changes to staff, $5 million settlement fundDark web monitoring for affected individuals, Security Plan Certification (March 2024) by DCYFOngoing Certification Process for 2025Media Engagement to Rebuild Public Trust.
.png)
Latest Global CVEs (Not Company-Specific)
Description
A vulnerability has been found in TykoDev cherry-studio-TykoFork 0.1. This issue affects the function redirectToAuthorization of the file /.well-known/oauth-authorization-server of the component OAuth Server Discovery. Such manipulation of the argument authorizationUrl leads to os command injection. The attack can be executed remotely. The exploit has been disclosed to the public and may be used.
Risk Information
cvss2
Base: 6.5
Severity: LOW
AV:N/AC:L/Au:S/C:P/I:P/A:P
cvss3
Base: 6.3
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
cvss4
Base: 5.3
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description
A flaw has been found in code-projects Question Paper Generator up to 1.0. This vulnerability affects unknown code of the file /selectquestionuser.php. This manipulation of the argument subid causes sql injection. Remote exploitation of the attack is possible. The exploit has been published and may be used.
Risk Information
cvss2
Base: 6.5
Severity: LOW
AV:N/AC:L/Au:S/C:P/I:P/A:P
cvss3
Base: 6.3
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
cvss4
Base: 5.3
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description
A vulnerability was found in alokjaiswal Hotel-Management-services-using-MYSQL-and-php up to 5f8b60a7aa6c06a5632de569d4e3f6a8cd82f76f. Affected by this vulnerability is an unknown functionality of the file /dishsub.php. The manipulation of the argument item.name results in cross site scripting. It is possible to launch the attack remotely. The exploit has been made public and could be used. This product takes the approach of rolling releases to provide continious delivery. Therefore, version details for affected and updated releases are not available. The vendor was contacted early about this disclosure but did not respond in any way.
Risk Information
cvss2
Base: 3.3
Severity: LOW
AV:N/AC:L/Au:M/C:N/I:P/A:N
cvss3
Base: 2.4
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N
cvss4
Base: 4.8
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description
A vulnerability has been found in alokjaiswal Hotel-Management-services-using-MYSQL-and-php up to 5f8b60a7aa6c06a5632de569d4e3f6a8cd82f76f. Affected is an unknown function of the file /usersub.php of the component Request Pending Page. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. This product is using a rolling release to provide continious delivery. Therefore, no version details for affected nor updated releases are available. The vendor was contacted early about this disclosure but did not respond in any way.
Risk Information
cvss2
Base: 4.0
Severity: LOW
AV:N/AC:L/Au:S/C:N/I:P/A:N
cvss3
Base: 3.5
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
cvss4
Base: 5.1
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description
A flaw has been found in Verysync 微力同步 up to 2.21.3. This impacts an unknown function of the file /rest/f/api/resources/f96956469e7be39d/tmp/text.txt?override=false of the component Web Administration Module. Executing manipulation can lead to unrestricted upload. The attack may be performed from remote. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Risk Information
cvss2
Base: 6.5
Severity: LOW
AV:N/AC:L/Au:S/C:P/I:P/A:P
cvss3
Base: 6.3
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
cvss4
Base: 5.3
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Access Data Using Our API
Get company history
curl -i -X GET 'https://api.rankiteo.com/underwriter-getcompany-history?linkedin_id=minnesota-judicial-branch' -H 'apikey: YOUR_API_KEY_HERE'
RapidWhat Do We Measure ?
Incident
Finding
Grade
Digital Assets
Every week, Rankiteo analyzes billions of signals to give organizations a sharper, faster view of emerging risks. With deeper, more actionable intelligence at their fingertips, security teams can outpace threat actors, respond instantly to Zero-Day attacks, and dramatically shrink their risk exposure window.
These are some of the factors we use to calculate the overall score:
Network Security
Identify exposed access points, detect misconfigured SSL certificates, and uncover vulnerabilities across the network infrastructure.
SBOM (Software Bill of Materials)
Gain visibility into the software components used within an organization to detect vulnerabilities, manage risk, and ensure supply chain security.
CMDB (Configuration Management Database)
Monitor and manage all IT assets and their configurations to ensure accurate, real-time visibility across the company's technology environment.
Threat Intelligence
Leverage real-time insights on active threats, malware campaigns, and emerging vulnerabilities to proactively defend against evolving cyberattacks.
Rankiteo is a unified scoring and risk platform that analyzes billions of signals weekly to help organizations gain faster, more actionable insights into emerging threats. Empowering teams to outpace adversaries and reduce exposure.
