Cyber Incident Report — July 2, 2026
RE: Investigation Report per Minn. Stat. § 13.055
On July 25, 2025, the City’s cybersecurity systems detected suspicious activity involving compromised accounts tied to a critical backup server. The City immediately deactivated the accounts, isolated affected servers, and began enhanced monitoring.
On July 26, the City engaged a cybersecurity vendor—a nationally recognized incident response firm—to help contain the threat and conduct a forensic investigation. By July 27, the City took additional precautions by disabling VPN access for most employees to prevent further attacker movement across the network. On July 28, the City shut down the broader network to stop the attacker and eradicate them from City systems. During this time, the City also partnered closely with law enforcement.
On August 11, 2025 a set of data was exposed on the threat actor's leak site after the City refused to pay a demanded ransom. The exposed material came from a Parks and Recreation network drive, and did not include core city service-related data. The City immediately began a careful review of the data to determine what was accessed and who may have been affected.
Collectively, the data security breach involved the theft of approximately 43 gigabytes of data. This included personal identifying information on a total of 12,484 individuals, including some current and former employees, interns, volunteers, and participants in the City’s Parks recreational activities. The impacted non-public data included names, addresses, telephone numbers, dates of birth, and Social Security numbers. Due to the volume of the information, the City worked with an outside vendor to review this data and identify all affected individuals.
Upon completion of the cataloguing and verification of the potentially improperly accessed data, the City provided notifications to affected persons required under Minnesota law.