Scammers who hacked into the e-mail accounts of Ramsey County employees this summer had access to the personal information of about 500 people who used some of the county’s health and social service programs, according to county officials.
Officials were not aware of any identities having been stolen since the breach, which happened in August, said Ramsey County spokesman John Siqveland.
The scam targeted the e-mails of county employees in an apparent attempt to divert their paychecks, Siqveland said. While the attempt was quickly spotted and thwarted, the hackers gained access to 28 employee e-mail accounts, which may have allowed them to see client information including names, Social Security numbers, dates of birth and addresses.
The clients were primarily those who have used the county’s adult mental health and adult chemical health services, Siqveland said. The county mailed letters Monday notifying those affected, he said.
Shortly after the e-mail accounts were compromised, county officials notified police and hired a data security firm to investigate the scam. The firm discovered that the hackers may have had access to the clients’ data and notified the county in October.
Since the breach, the county has adopted new data security measures, including stronger password requirements and multistep authentication, Siqveland said. Clients of Ramsey County’s health and social service programs who have questions may call the county at 651-266-2275.