
Minnesota Department of Human Services data breach impacts 300K

Jessie Van Berkel, Star Tribune

Published in News & Features

A breach in a Minnesota Department of Human Services system allowed inappropriate access to the private data of nearly 304,000 people.

There is no evidence the data was misused, the department said in a Jan. 16 letter notifying impacted individuals. The letter was sent about four months after the breach occurred.

The department said in a statement that its Office of Inspector General has been monitoring billing information to identify whether the data was used to commit fraud.

The breach comes as federal prosecutors have been examining allegations of widespread fraud in numerous state social services programs, which have landed Minnesota in the national spotlight.

For nearly a month starting in late August, a user affiliated with a licensed health care provider accessed data in the state MnCHOICES system without authorization, the notification letter states. Counties, tribes and others use the MnCHOICES system to do assessments and planning for Minnesotans who need long-term services and supports.

The user accessed people’s names, sex, date of birth, phone number, address, Medicaid ID and the last four digits of their Social Security number. They got additional data for 1,206 people, including demographic information, such as their ethnicity, birth record, physical traits, education, income and benefits.

The user who got the data was authorized to access limited information in the MnCHOICES system but “accessed more data than was reasonably necessary to perform work assignments,” the state’s letter says. The user hasn’t had access to the system since Oct. 30.

 

The state asked people affected by the breach to review their health care statements and credit reports and flag anything suspicious.

A Department of Human Services spokeswoman said the gap between the breach and the notification of Minnesotans reflects a number of steps.

In mid-November, FEI Systems, the company managing the MnCHOICES system, detected unusual activity and reported it to the state. The state asked FEI to hire a cybersecurity company to do a forensic investigation of the incident.

Officials needed to verify who was affected and prepare notices, which can’t be sent until the investigation is done, according to DHS.

“Since learning of the incident, we have implemented additional technical safeguards to prevent similar incidents in the future,” the department’s notification letter states, noting they also reported the incident to the Minnesota Office of the Legislative Auditor and U.S. Department of Health and Human Services.

_____


©2026 The Minnesota Star Tribune. Visit startribune.com. Distributed by Tribune Content Agency, LLC

 
