Minnesota county’s sensitive information compromised in ransomware attack

A Minnesota county’s network was subjected to a ransomware attack that may have compromised county clients’ Social Security numbers, insurance information and other sensitive data, Clay County reported on its website Friday.

The county wrote that the ransomware attack occurred in October on its electronic document management system, which also is used by other Minnesota counties.

“Through the investigation, Clay County determined that there was unauthorized access to its network between Oct. 23, 2023, and Oct. 26, 2023,” Clay County’s announcement said. “As Clay County continued its investigation, it later learned that cyber criminals responsible for this attack took some data from Clay County’s network.”

The county said it worked with local IT services and a digital forensics firm to investigate. The county said it’s not aware of any misuse of information, though it said names, Social Security numbers, addresses, dates of birth, county service information and insurance information of clients and their household members may have been affected.

Clay County mailed notices to people whose data was affected in December and on Friday in cases where the county had contact information. Those concerned they may be affected can call 800-459-5922 and provide the engagement number B114604.

Clay County said it has increased security and recommends people who potentially were affected keep an eye on account statements, credit reports and insurance communications, as well as report any suspected fraud to authorities.

More information about the incident and precautionary steps for those affected can be found at Clay County’s website.