Hennepin County investigating cyberattack on employee email accounts

Hennepin County officials said Thursday that they are responding to a "sophisticated email cyberattack" on county employees' email accounts.

Authorities said the perpetrators of the attack used so-called phishing emails to access the credentials to about 20 employees' email accounts. They then used those legitimate accounts to send out malicious emails.

"Like many organizations, we're increasingly facing threats of phishing attacks," Jerome Driessen, the county's chief information officer, said in the news release. "We've been aggressively responding to and monitoring activity since the first indication, and increased our efforts to protect staff this week."

The county said in a news release that officials are "evaluating the content of those compromised email accounts and assessing the extent to which private data may have been accessed. Some emails may contain private data about individuals to whom the county provides services."

The county said it has notified vendors, and referred the cyberattack to the FBI for investigation. A report on the county investigation of the incident will be made public upon completion.

"Hennepin County takes its responsibility to protect resident data very seriously," Driessen said. "We continue ongoing employee training and education. We also continuously enhance IT security measures to prevent increasingly sophisticated cyberattacks, and we hope this announcement can further dialogue about the increasing threats to all organizations' cybersecurity."