The Minnesota Department of Human Services (DHS) failed to conduct mandatory security reviews of its Supplemental Nutrition Assistance Program (SNAP) computer system in **2020 and 2023**, as revealed by federal audits. This system stores highly sensitive personal data of over **440,000 SNAP beneficiaries**, including private financial and identification details. The omission of these reviews was attributed to **resource constraints**, leaving the system vulnerable to **undetected security gaps, breaches, or fraud risks**. While the agency claimed compliance in **March 2024** under the new oversight of the Department of Children, Youth and Families (DCYF), beneficiaries expressed deep concerns over **data privacy and trust erosion** in public assistance programs. The exposed vulnerabilities could enable unauthorized access to confidential records, potentially leading to **identity theft, financial fraud, or misuse of personal information**. The audits explicitly warned that such negligence **heightens the likelihood of a breach**, though no confirmed incident was reported. The failure underscores systemic weaknesses in safeguarding critical welfare infrastructure, risking long-term reputational and operational damage.
Minnesota Department of Human Services cybersecurity rating report: https://www.rankiteo.com/company/minnesota-department-of-human-services
"id": "MIN3124431112425",
"linkid": "minnesota-department-of-human-services",
"type": "Vulnerability",
"date": "6/2020",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"
{'affected_entities': [{'customers_affected': '440,000+ (SNAP Beneficiaries)',
'industry': 'Public Welfare',
'location': 'Minnesota, USA',
'name': 'Minnesota Department of Human Services (DHS)',
'type': 'Government Agency'},
{'customers_affected': '440,000+ (SNAP Beneficiaries)',
'industry': 'Public Welfare',
'location': 'Minnesota, USA',
'name': 'Minnesota Department of Children, Youth and '
'Families (DCYF)',
'type': 'Government Agency'}],
'customer_advisories': ['Public Statements by DCYF Commissioner Addressing '
'Concerns'],
'data_breach': {'personally_identifiable_information': ['Potential Exposure '
'(Names, Addresses, '
'Financial Data, '
'etc.)'],
'sensitivity_of_data': ['Personal Data of SNAP Beneficiaries '
'(High)']},
'date_publicly_disclosed': '2024-09-16',
'description': 'The Minnesota Department of Human Services (DHS) failed to '
'perform required security reviews of the computer system '
'critical to the Supplemental Nutrition Assistance Program '
'(SNAP) in 2020 and 2023. This oversight, attributed to a lack '
'of resources, left the system—containing personal data of '
'over 440,000 Minnesotans—vulnerable to potential breaches or '
'fraud. The system determines eligibility for SNAP benefits '
'and holds sensitive personal information. Audits warned that '
'undetected security gaps could increase risks. The issue was '
'addressed in 2024 by the newly formed Department of Children, '
'Youth and Families (DCYF), which certified its security plan '
'in March 2024 and is preparing for 2025 certification. Public '
'trust in the program has been impacted, with beneficiaries '
'expressing concerns over the security of their sensitive '
'data.',
'impact': {'brand_reputation_impact': ['Loss of Trust in Public Assistance '
'Programs'],
'customer_complaints': ['Concerns from SNAP Beneficiaries Over '
'Data Security'],
'identity_theft_risk': ['Potential Risk Due to Unsecured Personal '
'Data'],
'operational_impact': ['Increased Risk of Breaches',
'Potential Fraud',
'Erosion of Public Trust'],
'systems_affected': ['SNAP Eligibility Determination System']},
'initial_access_broker': {'high_value_targets': ['SNAP Eligibility System '
'Database']},
'investigation_status': 'Ongoing (Media Investigation by 5 INVESTIGATES; DCYF '
'Claims Remediation Underway)',
'lessons_learned': 'Regular security reviews and resource allocation are '
'critical to preventing vulnerabilities in systems '
'handling sensitive public welfare data. Delays in '
'compliance can erode public trust and increase risks of '
'fraud or breaches.',
'post_incident_analysis': {'corrective_actions': ['Security Plan '
'Certification (March 2024) '
'by DCYF',
'Ongoing Certification '
'Process for 2025',
'Media Engagement to '
'Rebuild Public Trust'],
'root_causes': ['Lack of Resources in DHS for '
'Security Reviews',
'Failure to Comply with Federal '
'Audit Requirements',
'Inadequate Oversight of Critical '
'Public Welfare Systems']},
'recommendations': ['Prioritize and fund mandatory security reviews for '
'systems handling sensitive data.',
'Implement continuous monitoring and third-party audits '
'to ensure compliance.',
'Enhance transparency with beneficiaries regarding data '
'security measures.',
'Allocate dedicated resources for cybersecurity within '
'public welfare agencies.'],
'references': [{'date_accessed': '2024-09-16',
'source': '5 INVESTIGATES (KSTP)',
'url': 'https://kstp.com/5-investigates/lack-of-security-reviews-left-minnesota-snap-system-vulnerable-to-breaches-fraud/'}],
'regulatory_compliance': {'regulations_violated': ['Federal Single Audit '
'Requirements for '
'Information System '
'Security Reviews']},
'response': {'communication_strategy': ['Public Statements by DCYF '
'Commissioner Tikki Brown',
'Media Coverage via 5 INVESTIGATES'],
'remediation_measures': ['Security Plan Review and Certification '
'(March 2024)',
'Ongoing Certification Process for '
'2025']},
'title': 'Lack of Security Reviews Left Minnesota SNAP System Vulnerable to '
'Breaches and Fraud',
'type': ['Security Oversight',
'Compliance Failure',
'Potential Data Vulnerability'],
'vulnerability_exploited': ['Lack of Security Reviews',
'Unpatched Security Gaps',
'Resource Constraints in DHS']}