City leaders in St. Paul now know what group was behind a cyber attack that shut down some online services last month.
Mayor Melvin Carter on Monday said the hackers were a group called "Interlock", which has taken credit for the breach.
It was ransomware attack, and Carter says the city is feeling the consequences.
"After we refused to pay the ransom, they chose to post the data publicly, without trying to sell it," said Carter, who revealed for the first time that the hackers stole 43 gigabites of data from St. Paul.
"While the scope of what they published against us is far smaller than what they've accomplished elsewhere, the fact remains, someone was inside our systems," Carter said.
"Once that happens, there's no way to guarantee that they could not have accessed more."
Carter said the affected data did not include information on payroll, permitting, or licensing, and the city is offering 12 months of credit monitoring and identify theft protection insurance to every city worker.
That includes full-time, part-time, and seasonal employees.
"Whether their data was released in this breach or not," he said.
City IT personnel are still reconstructing the city's computer systems, which Carter earlier said might be finished this week for nearly four-thousand city workers.
As of Monday night, they have already updated computers and passwords for about half that many.
Among the services still not available are public library Wy-Fy and online water bill payments.