Missouri Department of Conservation reports data breach exposing employee health data

The Missouri Department of Conservation reports a data breach that exposed sensitive personal and health information of current and former employees enrolled in the agency's health benefits plan.

The breach was first discovered in February 2025 when MDC's cybersecurity team detected suspicious activity on one of the department's servers. The department activated its Incident Response Team to analyze systems and assess the scope of the breach.

In April, after additional analysis, MDC determined that some files impacted by the unauthorized access contained health information. The breach affected current and former beneficiaries of the Missouri Department of Conservation's employee health benefits plan. The exposed data includes:

• Names and addresses
• Birth dates and phone numbers
• Email addresses
• Health benefits enrollment details
• Social Security numbers
• Driver's license numbers or state identification numbers

The nature of the attack and the number of individuals affected has not been disclosed.

As part of its response, MDC said it will offer complimentary credit monitoring services to those who may have been affected. Written notifications are being sent to affected individuals, and substitute notifications are posted on the department's website for those with incomplete contact records.