The city of Sandstone, Minnesota this week notified residents of an April 2026 data breach that compromised the following personal info:
- Names
- Social Security numbers
- Financial account numbers and routing numbers
- Addresses
- Dates of birth
A cybercriminal group called Qilin took credit for the breach on May 4, 2026. Qilin is a high-profile ransomware gang responsible for hundreds of attacks in the past few years.
Sandstone officials cited ransomware as the cause of the breach but have not acknowledged Qilin’s claim. We do not know how many people the city notified, if the city paid a ransom, how much Qilin demanded, or how attackers breached the city’s network.
“On or about April 8, 2026, the City discovered disruptions to our computer systems. We quickly determined we were the victim of a ransomware incident,” says the city’s notice (PDF) to victims.
“Due to the nature of ransomware, it is possible that private data may have been accessed by the perpetrators of the incident.”
Sandstone is offering breach victims free credit monitoring. To enroll, send an email to monitoring@sandstonemn.gov.
Who is Qilin?
Qilin is a ransomware gang that began claiming responsibility for attacks on its data leak site in late 2022. Based in Russia, Qilin mainly targets organizations with phishing emails to spread its ransomware. The group runs a ransomware-as-a-service business in which affiliates pay to use Qilin’s malware to launch attacks and collect ransoms.
In 2026 to date, Qilin has claimed responsibility for 557 ransomware attacks. Of those, 46 were confirmed by the organizations targeted.
Eight of Qilin’s confirmed attacks this year hit government entities. Three of them were in the USA:
- Tulsa International Airport reported a January 2026 data breach
- The city of Seal Beach and the Seal Beach Police Department reported a March 2026 data breach
- Rusk County, WI reported a March 2026 data breach
Ransomware attacks on US government
Comparitech researchers have logged 22 confirmed ransomware attacks on US government entities in 2026 to date. We confirmed the following attacks in April:
- Winona County, MN reported a data breach claimed by Interlock
- Kent District Library in Michigan reported a data breach claimed by Interlock
- Ardmore, OK reported attackers demanded $300,000 in ransom after a data breach
- Adams County, MS refused to pay a ransom following a data breach
- Harrison County Commission in West Virginia reported a data breach claimed by SafePay
In addition to the breach listed above, Winona County also notified 6,196 people about a separate data breach in January 2026.
Ransomware attacks on government entities can both steal data and lock down computer systems. They can disrupt any number of government systems from bill payments to court records and even emergency dispatch. Governments must pay a ransom for the stolen data and to restore systems, or else they face extended downtime, permanent data loss, and putting data subjects at increased risk of fraud.
About Sandstone, Minnesota
Sandstone is home to about 2,500 people in Pine County, Minnesota.