News Release

Data Incident Notification

Students walking on campus with fall colors all around

On August 9, 2024, a Google contact list associated with a University of Minnesota Department of Orthodontics email account was accessed through a phishing campaign and the email account was then used by a person outside the University to send a phishing email to email addresses on the contact list.

This incident was discovered on the same day the contact list was accessed and the account was immediately closed to prevent further unauthorized use. The contact list included 1,331 individuals who also were patients of the Department of Orthodontics; the only information on the contact list for these individuals was either an email address alone or an email address and a name (partial or full). No individual’s status as a patient was indicated on the contact list. No medical treatment or financial or other information related to these individuals was available on the contact list or otherwise accessed.

On August 9, 2024, after learning of the unauthorized use of this account, the University of Minnesota Department of Orthodontics notified its contact list informing those contacts to disregard the email and any links or attachments associated with the email. Notices about this incident have also been sent via U.S. Mail to potentially affected individuals. This incident did not impact University operations or any other accounts. The University has taken additional security measures regarding the sole impacted account, as well as implementing additional security awareness training against phishing and phishing related incidents.

The University takes the security of information seriously and continues to work diligently to prevent similar incidents from occurring in the future. Media with questions regarding this notice may contact [email protected]. Individuals with questions regarding this notice may contact [email protected].

Media Contacts

Main Line

University Public Relations
612-624-5551