On August 27, 2024, Hennepin County learned of unauthorized access to a database containing registration data for Find Your 5 and Step to It participants. Based on the county's investigation, it appears that a code was inserted that automatically changed some of the data (e.g., all entries in the city field were changed to a city in California, and the demographic information was changed to the number "1"). We do not have any indication that an actual person viewed the data or that any of the data was copied or downloaded.
About 4,400 individuals registered for the 2024 Step to It or Find Your 5 challenges in Hennepin County. The database contained any of the following information that was entered when they registered: First and last name, email address, phone number, mailing address, age range, race, and/or gender.
Once we became aware of the situation, Hennepin County took immediate action to isolate the database and take it offline, so data was no longer accessible. Hennepin County located the vulnerability, and this database is now secure.
There was no sensitive data in the database, such as financial information, so it does not appear that there is a financial risk to registrants. We do not have any indication that any data has been viewed, copied, or downloaded, and we do not believe there was any misuse of data.
See the full report of this incident.
If you would like a copy of this report sent to you, please contact hcdatabreach@hennepin.us.