The Minnesota Department of Human Services has been hit badly in a phishing attack. The attack may have compromised the personal information of nearly 3,000 people.
The attack occurred after a worker’s email was hacked in September 2018. The compromised email was later used as a channel to steal data of individuals. The state employee who received the legitimate-looking official email contained a malicious link.
Once the link was clicked, it allowed the hackers to access information and send spam messages from the state employee’s account.
Type of information compromised
It is unclear as which information has been compromised by the hackers. However, Department Commissioner Tony Lourey believes that information of 3,000 people including their names, birth dates, phone numbers, email addresses and information about child protection cases could have been breached in the incident, TwinCities reported.
The breach also exposed Social Security Number, driver’s license numbers and financial data of an additional 30 people who were using the account.
Minnesota IT Services have secured the email and begun investigating the breach. In addition, the department has also sent out notification letters to the affected individuals.