The City of Sandstone in Minnesota said it discovered a major ransomware event affecting its systems in April that compromised the personal information of citizens and employees.
Located in Pine County, Minnesota, the City of Sandstone is home to around 2,500 residents and carries the name thanks to a major sandstone quarry in its vicinity. The city was incorporated in 1920 through the merger of the villages of Fortuna and Sandstone and presently occupies an area of 5.43 square miles.
Earlier this week, the City announced that on April 8, 2026, it discovered disruptions to its computer systems and was able to quickly determine that it had been a victim of a ransomware attack.
Upon discovering the incident, the City called in outside cyber security experts to assist in stopping the ransomware attack and to investigate the nature and scope of the incident.
The City recently completed its investigation into the incident and confirmed that malicious actors behind the ransomware attack had exfiltrated the personal information of employees and residents, including their names, addresses, dates of birth, Social Security numbers, and banking account and routing numbers.
“We are committed to being transparent about this matter and have decided to provide identity monitoring for our employees, out of an abundance of caution,” the City said in a data breach incident notice. “We have also made arrangements for any concerned citizens to also take advantage of this free identity monitoring.”
The City did not reveal the number of employees and residents whose personal information was accessed by the hackers, but committed to provide assistance to all affected individuals through dedicated helplines as well as complimentary credit monitoring and identity protection services for those who would like to enroll.
The City said its systems are currently secure and its operations have returned to normal, but city administrator Kathy George told Comparitech that Sandstone City continues to respond to the cyber security incident and its investigation, being conducted with help from external cybersecurity professionals and law enforcement partners, remains ongoing.
The Qilin ransomware group recently announced that it conducted the ransomware attack on the City of Sandstone, but did not disclose how much data it had stolen from the City’s systems or how much ransom had been demanded. The City also remained tight-lipped about the identity of the hackers or whether a ransom had been paid to regain access to its systems.
