|
FOR IMMEDIATE RELEASE
Contact: Carolyn Marinan, Chief Public Relations Officer, 612-910-9111
On August 27, 2024, Hennepin County learned of unauthorized access to a database containing registration data for "Find Your 5" and "Step to It" public health program participants. Based on the county’s investigation, it appears that a code was inserted that automatically changed some of the data (e.g., all entries in the city field were changed to a city in California, and the demographic information was changed to the number “1”).
"We do not have any indication that an actual person viewed the data or that any of the data was copied or downloaded," said Kristi Lahti-Johnson, Hennepin County Data Practices Compliance Official.
About 4,400 individuals registered for the 2024 "Step to It" or "Find Your 5" challenges in Hennepin County. The database contained any of the following information that was entered when an individual registered: First and last name, email address, phone number, mailing address, age range, race, and/or gender.
"Once we became aware of the situation, Hennepin County took immediate action to isolate the database and take it offline, so data was no longer accessible," said Lahti-Johnson. The county located the vulnerability, and this database is now secure.
There was no sensitive data in the database, such as financial information, so it does not appear that there is a financial risk to registrants. There is not any indication that any data has been viewed, copied, or downloaded, and the county does not believe there was any misuse of data. As required, an investigation report has been completed and can be found at www.hennepin.us/data-breach. Instructions for requesting delivery of the report by mail or email will also be posted on the website. Additionally, everyone for whom we have an email address has been contacted directly.
Look for more news on the Hennepin County website at hennepin.us/news.
|
