ST PAUL, Minn. — More than 15,000 Metro Mobility customers may have had their personal information accessed in a data breach.

In a letter from the Metropolitan Council, customers were informed that an unauthorized person breached an employee's email account. The breach was discovered on Aug. 14.

According to Metro Mobility, the information from rides that were taken between about June 13 and Aug. 14 could have been accessed. That information includes:

  • Names
  • Pickup and drop-off addresses
  • Times of rides
  • Use of mobility aids
  • Special instructions for drivers about disabilities and needs
  • Phone numbers, in some cases

RELATED: Feds: Capital One suspect may have hacked more than 30 companies

RELATED: Hy-Vee investigates possible data breach incident

Metro Mobility is a shared public transportation wing for riders who can't use regular Metro Transit bus routes due to a disability or health condition.

The letter was sent to 15,200 people. Metropolitan Council says it doesn't know if the person viewed or took the information they could have accessed. 

Investigators don't believe that financial data was accessed, but as a "routine practice" they recommend that riders take precautions like monitoring personal credit reports.

RELATED: Congress wants Capital One, Amazon to explain data breach

RELATED: 'Nowhere near $125' | Feds warn you'll be 'disappointed' with Equifax settlement cash option

RELATED: How to protect your credit following massive Capital One data breach

"This was the result of a 'phishing' attack," Metropolitan Council spokesperson John Schadl tells KARE 11. "Some private data was exposed, but it did not include financial data or Social Security numbers. We deeply regret that this has happened and wish to extend our apologies to our customers."

Schadl said they have opened an investigation to figure out why the attack wasn't caught, and how to keep it from happening again.

St. Paul Police confirmed that they are investigating the breach. A police report was filed Aug. 16. Public Information Officer Mike Ernster said the compromised email account led to the access of customer information but no "financial loss."

Watch below or click here: 5 steps to protect yourself after a data breach