Hennepin County first-responder data leak: about 1,500 officers and infrastructure staff exposed in 2020
In 2020, personal information for roughly 1,500 first responders and critical infrastructure personnel in Hennepin County, Minnesota was published online after a vendor breach. The leak followed the unrest after the killing of George Floyd.
What happened
The Minnesota Reformer reported in July 2020 that personal information on approximately 1,500 first responders and critical infrastructure workers in Hennepin County had been published online following a hack of a vendor that served the Minnesota Bureau of Criminal Apprehension and the Hennepin County Sheriff's Office. The exposed data included names, work locations, and other identifying information. The leak coincided with the period of national unrest following the killing of George Floyd in Minneapolis, when officers and their families faced heightened targeting.
What happened
On July 10, 2020, the Minnesota Reformer reported that personal information for roughly 1,500 Minnesota first responders and critical infrastructure personnel had been published online. The leak came from a hack of a vendor that worked with the Minnesota Bureau of Criminal Apprehension and the Hennepin County Sheriff's Office. The exposed data included names, work locations, and other identifying information.
The leak hit during a period of intense focus on Minneapolis-area law enforcement after the killing of George Floyd in May 2020. Officers and their families were already facing elevated targeting; the leak added an additional vector.
How it started
The breach was traced to a vendor in the law enforcement supply chain, not to BCA or the Sheriff's Office directly. That detail matters. Officer data lives in many hands: training systems, accreditation bodies, payroll vendors, body-camera vendors, scheduling tools. Each is a potential source.
The Reformer's reporting noted the published data was distributed broadly online, making after-the-fact recovery effectively impossible. Once the data is in circulation, removal becomes about cutting off republication on broker pages rather than recovering the original leak.
What this means for you
Minnesota's Safe at Home program is one of the better address-confidentiality programs in the country and explicitly accommodates first responders for property-records protection (Minn. Stat. § 13.045). DMV confidentiality (Minn. Stat. § 171.12) covers your driver's license records.
Both stop the state from publishing your address. Neither stops Whitepages or Spokeo from republishing it. After a leak like this one, broker removal is the layer that actually stays current. We do that work and re-do it when the listings come back.
Editorial rules: Only public, already-reported incidents. Never name a non-public victim. Always end with the prevention takeaway tied to our service. Cite at minimum one public source per claim.
What would have prevented this
When a vendor your agency relies on gets breached, your information ends up online and you find out from a news story. Minnesota's Safe at Home program (Minn. Stat. Ch. 5B) gives officers a real address-confidentiality option, including for property records (Minn. Stat. § 13.045). It does not reach what brokers republish from leaked data. We monitor and remove broker listings continuously, so the data from a leak like this one doesn't become a permanent online address.
Public sources
- Personal information of Minnesota law enforcement, critical infrastructure personnel published online after massive hack — Minnesota Reformer, 2020-07-10