State of Maine Becomes Latest MOVEit Victim to Surface
The state said 1.3 million individuals have been affected by this breach, which includes Social Security numbers and taxpayer information.
November 9, 2023
In an online overview published on Nov. 9, the government of Maine confirmed that a group of cybercriminals exploiting the now-infamous vulnerability in the MOVEit file-transfer tool to allow them access to files belonging to the State of Maine between May 28 and 29.
This cyber incident was limited to Maine's MOVEit server, according to the Maine government website, and no other networks or systems belonging to the state were affected. However, the breach exposed information on 1.3 million individuals, with the type of data affected for each varying person to person. The information that may have been impacted includes names, Social Security numbers (SSNs), dates of birth, driver's license or state identification numbers, taxpayer identification numbers, medical information, and health insurance information.
Once the state became aware of the breach, it secured its information by blocking Internet access from the MOVEit server. It also implemented security measures as directed by Progress Software and launched an investigation of the cyber incident alongside legal counsel and cybersecurity experts.
The state of Maine is just the latest target to come to light in a lengthy string of MOVEit attacks, in which victims include Shell (where employees were affected), Gen Digital, National Student Clearinghouse, Maximus Inc., Estée Lauder, and a government department in Colorado, among many others.
"Yet again, we see the MOVEit exploit continuing to hit new victims across all sectors, with more than 640 recorded so far," said Darren Williams, CEO and founder at BlackFog, in an emailed statement. "The catastrophic fallout from this hack has demonstrated a cold reality: a significant number of organizations are not prepared to fend off sophisticated breaches."
Maine Resources for Data Breach Victims
Individuals can contact Maine's call center to find out if their data was affected; they will be offered two years of credit monitoring and identity theft protection services if their SSN or taxpayer identification numbers were involved. The state is also currently notifying individuals who have been affected by this breach through various channels, including emails and letters by mail.
"We encourage you to remain vigilant by regularly reviewing your accounts and monitoring credit reports for suspicious activity," according to a statement on the breach on the Maine website.
"Governments, in particular, bear a critical responsibility to secure the masses of data belonging to their residents," Williams said. "They must prioritize the adoption of cutting-edge technologies and proactive strategies to lock down their data and ensure the utmost protection for their citizens."
About the Author
You May Also Like
How to Evaluate Hybrid-Cloud Network Policies and Enhance Security
September 18, 2024DORA and PCI DSS 4.0: Scale Your Mainframe Security Strategy Among Evolving Regulations
September 26, 2024Harnessing the Power of Automation to Boost Enterprise Cybersecurity
October 3, 202410 Emerging Vulnerabilities Every Enterprise Should Know
October 30, 2024
State of AI in Cybersecurity: Beyond the Hype
October 30, 2024[Virtual Event] The Essential Guide to Cloud Management
October 17, 2024Black Hat Europe - December 9-12 - Learn More
December 10, 2024SecTor - Canada's IT Security Conference Oct 22-24 - Learn More
October 22, 2024