Cyber Incident Victim: Minnesota Senate
Date: Jun 2020
Location: United States of America
Summary
A cyberattack compromised the Minnesota Senate's servers, enabling unauthorized access to a file containing passwords used by senators and staff. The breach prompted immediate shutdowns of the Senate website and WiFi network to facilitate password resets and security reviews. Senate Information Services, assisted by the state's IT agency and the FBI, confirmed the intrusion lasted several minutes and involved exfiltration of credential data. While officials noted unrelated distributed denial-of-service attacks affecting state systems, this incident specifically involved internal system access. Recovery efforts included rebuilding web pages and conducting log analyses to ensure no persistent threats remained.
Description
On June 2, 2020, at 4:24 AM, unauthorized actors breached the Minnesota State Senate's servers, gaining access for several minutes before detection. Senate Information Services (SIS) immediately took the server offline as a precautionary measure upon discovering the intrusion. Forensic analysis conducted with assistance from Minnesota IT Services (MNIT) and the FBI confirmed the attackers had accessed a critical Passwords File containing credentials used by senators, staff, and administrative systems. This file included passwords for the Senate's main database server and WiFi network credentials. By 6:00 PM that evening, multiple Senate web pages remained offline as SIS worked to rebuild affected systems following the takedown. All compromised passwords were reset, including those for database access and WiFi authentication. The Senate WiFi network was temporarily disabled to facilitate credential resets and security testing. Log files were scrutinized to verify no persistent unauthorized access remained.

The incident caused significant operational disruption, with the Senate website partially inoperable throughout the day due to the deliberate server shutdown. Officials publicly distinguished this breach from unrelated distributed denial-of-service (DDoS) attacks targeting other state systems that weekend, noting the DDoS incidents caused only intermittent outages without compromising internal systems. Secretary of the Senate Cal Ludeman notified legislators and staff about the breach via letter on June 2, detailing the compromised assets and countermeasures implemented. No evidence suggested exfiltration of data beyond the password file, though the brief access window limited investigators' ability to determine full attacker intent. The coordinated response involving SIS, MNIT, and federal authorities focused on credential invalidation and infrastructure restoration while preserving forensic evidence for ongoing analysis.
