The US State of Maine says it has suffered a data breach impacting around 1.3 million people. According to the census from July 2022, that’s more or less the the entire population of Maine.
The State of Maine says it was compromised via a known vulnerability in secure transfer service MOVEit Transfer. This vulnerability is known to be used by the Cl0p ransomware gang.
The type of stolen data varies from person to person, likely because the data breach affected multiple agencies in the State. More than 50% of the data exposed in the breach came from Maine’s Department of Health and Human Services, while between 10 and 30% came from the state’s Department of Education. The breach also impacted several other departments.
For what we can gather, the cybercriminals may have obtained names, Social Security numbers (SSN), dates of birth, driver’s licenses, state identification numbers, and taxpayer identification numbers. The stolen data may involve certain types of medical information and health insurance for some individuals.
Progress Software, who make MOVEit Transfer, issued a patch for the exploited vulnerability on May 31, 2023. However, the State of Maine says the cybercriminals gained access and started downloading files between May 28 and 29, 2023, before the patch was available.
Data breach
The State of Maine is encouraging people to contact Maine’s dedicated call center to find out if their data was involved or if they have questions about this incident. The phone number is (877) 618-3659, with representatives available from Monday to Friday, 9 AM to 9 PM ET.
If your Social Security Number or taxpayer identification number is involved, the call center will provide you with a complimentary credit monitoring code which give you two years of credit monitoring and identity theft protection services.
If you suspect your data has been stolen, it’s worth watching out for people posing as the State of Maine. There’s nothing like a data breach to bring out the scammers, and they will be looking to target people affected by the breach. If someone does contact you, make sure to verifying they are who they say they are using another communication channel. Watch out for phishing emails, too.
We don’t just report on threats – we help safeguard your entire digital identity
Cybersecurity risks should never spread beyond a headline. Protect your and your family’s personal information by using Malwarebytes Identity Theft Protection.