Minnesota Human Services Program Breach Exposes Data of 300,000 Individuals
Learn More
The Minnesota Department of Human Services (DHS) reports a data breach in its MnCHOICES system, a web-based tool that helps counties and Tribal Nations decide who qualifies for long-term care.
A user related to a licensed healthcare provider broke into the system and viewed records they did not need for their work. The unauthorized access happened between August 28 and September 21, 2025.
FEI Systems, the vendor that runs the platform, detected the activity on November 18, 2025 and reported the incident to DHS the next day. DHS had already stopped the provider's access on October 30, 2025.
The exposed data includes:
- Full names, aliases, and home addresses
- Email addresses and phone numbers
- Dates of birth and physical traits
- Medicaid IDs and the last four digits of Social Security numbers
- Race, ethnicity, and birth records
- Education, income, and benefit details
- Financial and program eligibility data
- Lock-in and spenddown records
The breach affects 303,965 people. While most files were basic records, the user accessed extra details for 1,206 individuals. DHS sent letters to everyone affected in January 2026. The Office of Inspector General is now investigating for signs of fraud or identity theft.
DHS added new technical controls to the system to stop future leaks and reported the incident to authorities. Affected individuals should monitor their medical bills for fake charges and review their credit reports for unusual activity.
