Earlier this year, the State of Maine experienced a data breach that impacted up to 1.3 million individuals. This breach, believed to be the work of the ransomware group Clop [9], exploited a vulnerability in the MOVEit file-transfer system used by the Maine government [1].
Description
Between May 28 and May 29, 2023 [2] [4], hackers gained unauthorized access to the MOVEit system, affecting various state agencies [1], pension funds [5] [6], and private businesses in Maine. The stolen personal information includes full names, dates of birth [1] [3] [4] [5] [6] [7] [9], Social Security numbers [1] [3] [4] [5] [6] [7] [9] [10], driver’s licenses [1] [3] [4] [5] [6] [7] [9] [10], and other identification numbers [1] [3] [4] [7] [10]. Some individuals also had their medical and health insurance information compromised [1] [4]. The stolen data poses risks of identity theft [4], wire fraud [4], and phishing attacks [4].
The ransomware gang responsible for the breach, known as Clop [9], has not yet released the stolen data [10]. However, it is important to exercise caution regarding their claims of deleting government data. The maker of MOVEit [1] [8], Progress Software [1] [2] [10], has been subpoenaed by the US Securities and Exchange Commission for documents and information related to the vulnerability [1].
The State of Maine took immediate action to secure its information and launched an investigation with the assistance of cybersecurity experts [7]. Measures were implemented, such as blocking internet access to the MOVEit server and applying recommended security patches [3]. The state government has completed its assessment of the impacted files and is actively notifying affected individuals through various communication channels [3]. Individuals affected by the breach are advised to contact the state for more information [9].
To mitigate the impact on those whose Social Security numbers or taxpayer identification numbers were involved, the state government is offering two years of complimentary credit monitoring and identity theft protection services [3] [10].
Conclusion
The data breach in Maine has had significant implications, potentially exposing sensitive personal information and increasing the risk of identity theft and fraud. The state government has taken immediate steps to secure its systems and is actively notifying affected individuals. Offering complimentary credit monitoring and identity theft protection services is a proactive measure to mitigate the impact on those affected. Moving forward, it is crucial for organizations to prioritize cybersecurity and regularly update their systems to prevent similar breaches in the future.
References
[1] https://news.yahoo.com/maine-government-says-data-breach-221535345.html
[2] https://www.theverge.com/2023/11/10/23955767/maine-says-moveit-hackers-accessed-the-information-of-1-3-million-people
[3] https://finance.yahoo.com/news/state-maine-impacted-global-moveit-160000227.html
[4] https://www.techradar.com/pro/security/maine-government-says-data-breach-affects-nearly-all-state-residents
[5] https://apnews.com/article/maine-moveit-file-transfer-software-breach-a9fe2cc1c826e55c2b5cdeb538e9b9b6
[6] https://spectrumlocalnews.com/me/maine/news/2023/11/10/data-breach-file-transfer
[7] https://www.darkreading.com/attacks-breaches/state-maine-latest-moveit-victim
[8] https://www.thinkadvisor.com/2023/11/10/state-of-maine-moveit-breach-exposes-1-3m-peoples-data/
[9] https://mashable.com/article/maine-moveit-ransomware-attack
[10] https://www.engadget.com/basically-all-of-maine-had-data-stolen-by-a-ransomware-gang-061407794.html