In an online overview published on Nov. 9, the government of Maine confirmed that a group of cybercriminals exploiting the now-infamous vulnerability in the MOVEit file-transfer tool to allow them access to files belonging to the State of Maine between May 28 and 29.
This cyber incident was limited to Maine’s MOVEit server, according to the Maine government website, and no other networks or systems belonging to the state were affected. However, the breach exposed information on 1.3 million individuals, with the type of data affected for each varying person to person. The information that may have been impacted includes names, Social Security numbers (SSNs), dates of birth, driver’s license or state identification numbers, taxpayer identification numbers, medical information, and health insurance information.
Once the state became aware of the breach, it secured its information by blocking Internet access from the MOVEit server. It also implemented security measures as directed by Progress Software and launched an investigation of the cyber incident alongside legal counsel and cybersecurity experts.
The state of Maine is just the latest target to come to light in a lengthy string of MOVEit attacks, in which victims include Shell (where employees were affected), Gen Digital, National Student Clearinghouse, Maximus Inc., Estée Lauder, and a government department in Colorado, among many others.
“Yet again, we see the MOVEit exploit continuing to hit new victims across all sectors, with more than 640 recorded so far,” said Darren Williams, CEO and founder at BlackFog, in an emailed statement. “The catastrophic fallout from this hack has demonstrated a cold reality: a significant number of organizations are not prepared to fend off sophisticated breaches.”
Maine Resources for Data Breach Victims
Individuals can contact Maine’s call center to find out if their data was affected; they will be offered two years of credit monitoring and identity theft protection services if their SSN or taxpayer identification numbers were involved. The state is also currently notifying individuals who have been affected by this breach through various channels, including emails and letters by mail.
“We encourage you to remain vigilant by regularly reviewing your accounts and monitoring credit reports for suspicious activity,” according to a statement on the breach on the Maine website.
“Governments, in particular, bear a critical responsibility to secure the masses of data belonging to their residents,” Williams said. “They must prioritize the adoption of cutting-edge technologies and proactive strategies to lock down their data and ensure the utmost protection for their citizens.”