Cyber Incident Victim: Ramsey County Social Services
Date: Aug 2018
Location: United States of America
Summary
A cybersecurity incident at Ramsey County Social Services involved unauthorized access to 28 employees' email accounts, potentially compromising personal information of approximately 500 clients. Attackers attempted but failed to redirect employee paychecks using the compromised accounts. Forensic analysis revealed exposed client data including names, addresses, Social Security numbers, and limited medical information. Notification delays occurred while verifying client identities and addresses, though no misuse of stolen data was reported. Following the breach, the organization implemented multi-factor authentication, password strength enforcement, and upgraded security software across its network.
Description
In August 2018, Ramsey County discovered unauthorized access to 28 employee email accounts within its social services department, which handles sensitive client programs including chemical dependency and mental health treatment. Forensic analysis determined that hackers compromised these accounts and attempted to redirect employee paychecks, though the county successfully prevented the fraudulent transactions. The county engaged a data-security firm to investigate the breach’s scope. On October 12, 2018, the firm confirmed that attackers potentially accessed personal information of approximately 500 clients through the compromised email accounts. Exposed data included names, addresses, Social Security numbers, and limited medical information, as employees routinely used email for official communications involving client records. The breach originated from external actors whose identities and motives county officials had not determined. No evidence suggested ongoing unauthorized access beyond the initial August intrusion.

Ramsey County began mailing notification letters to affected clients on December 11, 2018, over two months after confirming the data exposure. County spokesman John Siqveland attributed the delay to efforts to verify the accuracy of client information and locate current addresses, as some individuals’ contact details were outdated. The public notice acknowledged the risk of identity theft but confirmed that no client reports of data misuse had been received as of the notification date. In response to the incident, the county implemented multi-factor authentication across its network, deployed password strength enforcement tools, and acquired enhanced cybersecurity software. These measures aimed to prevent similar breaches, though the county did not disclose whether the attackers exploited specific technical vulnerabilities. The social services department maintained operations throughout the investigation without reporting additional disruptions beyond the initial payroll diversion attempt.
