Hennepin County reports data breach affecting 2 public health programs
Learn More
Hennepin County, Minnesota, reports a data breach involving a database that contained information about participants in two public health programs, "Find Your 5" and "Step to It." These programs are focused on promoting healthy eating and physical activity among residents.
The breach, discovered on August 27, 2024, involved unauthorized access to the database, which held details for approximately 4,400 participants in the 2024 iterations of these programs. The database contained personal information provided during the registration for these public health challenges.
Exposed data includes:
- First and last names
- Email addresses
- Phone numbers
- Mailing addresses
- Age range
- Race
- Gender
The county claims that incident did not involve the viewing, copying, or downloading of data by an unauthorized person. Instead, it appears that code was inserted into the database, which automatically altered some data fields. For example:
- All entries in a city field were changed to the name of a California city.
- Certain demographic fields were altered to the number one.
The database was taken offline immediately after the breach was discovered. No details are disclosed about the nature of the attack, although the reported impact indicates blind SQL injection.
