In a letter from the Metropolitan Council, customers were informed that an unauthorized person breached an employee's email account.

ST PAUL, Minn. — More than 15,000 Metro Mobility customers may have had their personal information accessed in a data breach.

In a letter from the Metropolitan Council, customers were informed that an unauthorized person breached an employee's email account. The breach was discovered on Aug. 14.

According to Metro Mobility, the information from rides that were taken between about June 13 and Aug. 14 could have been accessed. That information includes:

Names

Pickup and drop-off addresses

Times of rides

Use of mobility aids

Special instructions for drivers about disabilities and needs

Phone numbers, in some cases

Metro Mobility is a shared public transportation wing for riders who can't use regular Metro Transit bus routes due to a disability or health condition.

The letter was sent to 15,200 people. Metropolitan Council says it doesn't know if the person viewed or took the information they could have accessed.

Investigators don't believe that financial data was accessed, but as a "routine practice" they recommend that riders take precautions like monitoring personal credit reports.

"This was the result of a 'phishing' attack," Metropolitan Council spokesperson John Schadl tells KARE 11. "Some private data was exposed, but it did not include financial data or Social Security numbers. We deeply regret that this has happened and wish to extend our apologies to our customers."

Schadl said they have opened an investigation to figure out why the attack wasn't caught, and how to keep it from happening again.

St. Paul Police confirmed that they are investigating the breach. A police report was filed Aug. 16. Public Information Officer Mike Ernster said the compromised email account led to the access of customer information but no "financial loss."