Cyberattackers infiltrate Hennepin County workers’ e-mails

August 10, 2018

Cyber attackers have infiltrated e-mail accounts for about 20 Hennepin County employees since late June, and may have accessed the private information of people who rely on the countys services, county officials revealed Thursday.

Using e-mails disguised as pay raise notifications, a sophisticated phishing scam duped the employees into giving up their login information, then used their official e-mail accounts and signatures to spread the attack to other contacts, according to county officials.

The county is still investigating what private information may have been exposed.

We have a dedicated team working on this very issue, going through what could have been in those e-mail boxes, said Jerome Driessen, the countys chief information officer. He said the county generally advises people not to put private information into e-mails.

The countys 9,500 employees block millions of spam e-mails every quarter, said Drieseen. He said its improved its cyber security measures and training in recent years, including holding simulated phishing attack exercises for employees. Since discovering the breach, it has implemented more preventive measures, he said.

Hennepin County has notified its business vendors of the attack and reported it to the FBI, said Driessen.

Traditionally, IT workers probably never envisioned a day where wed have to work with law enforcement on these sorts of things, but its becoming more standard, he said.

The FBI did not return calls for comment on Thursday.

Andy Mannix 612-673-4036

Update hourly