Malware
Breaking News: Maine Government Issues Urgent Alert to 1.3 Million Citizens Regarding Alarming MOVEit Data Breach
The Maine government has alerted 1.3 million individuals about a data breach through the secure file transfer service, MOVEit. The breach occurred due to a misconfiguration issue, potentially exposing personal information. Affected individuals are advised to monitor their accounts for suspicious activity and take necessary precautions. The government has initiated corrective actions to prevent similar incidents in the future.
Maine Government Notifies 1.3 Million People of MOVEit Data Breach
The State of Maine has announced that its systems were breached after threat actors exploited a vulnerability in the MOVEit file transfer tool and accessed personal information of about 1.3 million individuals, which is close to the state’s entire population.
MOVEit attacks were part of a massive data theft campaign from the Clop ransomware gang who, on May 27, started to exploit a zero-day vulnerability in the software product.
Various Maine state agencies were among the thousands of organizations worldwide using the Progress Software data transfer product, as reported by Emsisoft.
“On May 31, 2023, the State of Maine became aware of a software vulnerability in MOVEit, a third-party file transfer tool owned by Progress Software and used by thousands of entities worldwide to send and receive data,” reads the press release.
“The software vulnerability was exploited by a group of cybercriminals and allowed them to access and download files belonging to certain agencies in the State of Maine between May 28, 2023, and May 29, 2023” – The State of Maine
Exposed Information
The exposed information belonging to 1.3 million individuals, including minors, concerns the following data types:
- Full name
- Social Security number (SSN)
- Date of birth
- Driver’s license
- State identification number
- Taxpayer identification number
- Health insurance information
The exact data types exposed for each individual varies depending on their interaction with Maine’s state agencies.
Impacted Agencies
The most impacted agency was Maine’s Department of Health and Human Services, followed by the Maine Department of Education.
Other departments affected by the MOVEit breach, albeit to a lesser extent, are the Administrative and Financial Services, Workers’ Compensation, Bureau of Motor Vehicles, Corrections, Economic and Community Development, Professional and Financial Regulation, and Labor.
Notification and Protection Services
The State of Maine explains that the delay in notifying the public about the exposure of sensitive data was due to conducting a thorough investigation.
All affected citizens whose SSNs or tax information was exposed will receive notifications with instructions for opting for free-of-charge two-year credit monitoring and identity theft protection services. The notifications can be found here.
Recipients are advised to regularly monitor their financial accounts for suspicious activity or charges they don’t recognize and contact their bank and/or law enforcement authorities to report it as soon as possible.
The State of Maine has also set up a dedicated call center to address people’s concerns about this security incident at (877) 618-3659 (Monday to Friday, 9 AM to 9 PM ET).