Maine government says data breach affects nearly all state residents


The government of Maine, the northeasternmost US state, appears to have become the latest victim of the MOVEit data breach incident.

The state's government published a statement claiming the attackers stole sensitive citizen data between May 28 and May 29 2023, but that it had just completed notifying the affected people and disclosing the incident to relevant authorities.

More than 1.3 million people live in Maine, and the attackers stole sensitive data that can be used for identity theft, wire fraud, phishing, and more, and include full name, date of birth, Social Security number, driver’s license, and other state or taxpayer identification numbers. Some people have also had their medical and health insurance information stolen, too.

Reader Offer: $50 Amazon gift card with demo
Perimeter 81's Malware Protection intercepts threats at the delivery stage to prevent known malware, polymorphic attacks, zero-day exploits, and more. Let your people use the web freely without risking data and network security.

Preferred partner (What does this mean?

Negotiating the release of data

The government claims it needs this information “for various reasons, such as residency, employment, or interaction with a state agency.”

Maine is not the first public organization or government to fall victim to Cl0p’s MOVEit shenanigans. Ontario’s birth registry; the states of Colorado, Oregon, and Louisiana; as well as U.S. government contractor Maximus, have all ended up on Cl0p’s data leak page. The U.S.: Department of Energy, as well as a number of other federal agencies, were affected, too. In total, more than 2,500 organizations worldwide were affected by the MOVEit incident, some reports are saying.

So far, Cl0p has yet to list Maine on its data leak site, meaning it probably still hasn’t started its negotiations over its ransom demand. Ransomware threat actors usually ask for money in cryptocurrency, in exchange for not leaking sensitive data on the dark web. This particular threat actor is most likely of Russian origin, and is to blame for September being a record-breaking month in terms of ransomware infections.

Via TechCrunch

More from TechRadar Pro