Hennepin County discloses data breach affecting 2 public health programs

Hennepin County officials announced Tuesday that a database that contained information about people who participated in two public health programs had been breached.

The breach, which officials learned of Aug. 27, focused on a database that contained information for about 4,400 people who participated in 2024 “Step to It” or “Find Your 5″ challenges in Hennepin County. The programs encourage people to eat healthy foods and be active.

“We do not have any indication that an actual person viewed the data or that any of the data was copied or downloaded,” Kristi Lahti-Johnson, Hennepin County data practices compliance official, said in a news release.

Instead, officials said a county investigation showed that code was inserted into the database that automatically changed some of the data. For example, all entries in a city field were changed to the name of a California city, and demographic information was changed to the number one.

Officials said the database included information that people provided when they registered for the public health programs, including: first and last name, email address, phone number, mailing address, age range, race, and gender.

“There was no sensitive data in the database, such as financial information, so it does not appear that there is a financial risk to registrants,” the news release said. “There is not any indication that any data has been viewed, copied, or downloaded, and the county does not believe there was any misuse of data.”

Lahti-Johnson said the county took the database offline after learning of the breach and has since secured it.