The Minnesota DHS (Department of Human Services) announced that an employee’s email account was accessed by criminal hackers last September.The phishing attack may have exposed the PII (personable identifiable information) of about 3,000 people within its Children and Family Services division.
In a letter to those impacted, Department Commissioner Tony Lourey said: “Minnesota’s executive agencies, including DHS, are the frequent target of increasingly sophisticated “email phishing campaigns.” Partnering with Minnesota IT Services (“MNIT”), we have been able to successfully defend against the vast majority of these email phishing campaigns. Unfortunately, on or about September 28, 2018, a hacker was able to use an email phishing campaign to gain access to the state email account of an employee in the Children and Family Services division of DHS. The hacker used this account to send out spam email messages and may have viewed some of the information contained in the account.”
The DHS followed what has become standard protocol. It informed those who were affected, launched an investigation, stated it continues to implement technologies to protect users’ data, and offered tips to those whose PII might have been exposed.
This is not the first time the DHS has been hacked. Last fall, about 21,000 Minnesota residents had their PII exposed after two state email accounts were compromised.
Learn to protect your data
Many states are starting to recognize the importance of data and information security. Register for our webinar “Do I need to comply with the California Consumer Privacy Act (CCPA)?”, scheduled for Thursday, February 21, 2019, 1:00 – 2:00 pm EST. The law affects organizations both in and outside of California, so no matter where your organization is located, if you collect and process the personal data of California residents, you must comply.
The webinar will discuss existing cybersecurity laws, why organizations need to comply with the CCPA.
It will also focus on:
- State laws and how they affect business security requirements
- The SEC security and privacy requirements for public companies
- The impact of FINRA and the NYDFS on financial-sector organizations
- HIPAA and the compliance requirements for the health care industry