November 10, 2023 at 11:24AM
The State of Maine suffered a breach after threat actors exploited a vulnerability in the MOVEit file transfer tool. Approximately 1.3 million individuals’ personal information was accessed, including names, Social Security numbers, birth dates, driver’s licenses, and health insurance details. Maine’s Department of Health and Human Services and Department of Education were the most impacted. Affected individuals will receive notifications and free credit monitoring services. For concerns, a dedicated call center has been set up.
Key Takeaways from Meeting Notes:
1. The State of Maine experienced a data breach, with threat actors exploiting a vulnerability in the MOVEit file transfer tool.
2. The breach impacted approximately 1.3 million individuals, nearly the entire population of the state.
3. The Clop ransomware gang was responsible for the data theft campaign, exploiting a zero-day vulnerability in the MOVEit software.
4. Progress Software owns the MOVEit tool, which is used by thousands of organizations globally.
5. The breach occurred between May 28, 2023, and May 29, 2023.
6. The compromised personal information includes full names, Social Security numbers, dates of birth, driver’s licenses, state identification numbers, taxpayer identification numbers, and health insurance information.
7. The extent of exposed data varies depending on individuals’ interactions with Maine’s state agencies.
8. The Department of Health and Human Services and the Department of Education were the most impacted agencies.
9. Other departments affected, although to a lesser extent, include Administrative and Financial Services, Workers’ Compensation, Bureau of Motor Vehicles, Corrections, Economic and Community Development, Professional and Financial Regulation, and Labor.
10. The State of Maine conducted a thorough investigation, resulting in a delay in public notification.
11. Affected individuals will receive notifications and have the option to sign up for free two-year credit monitoring and identity theft protection services.
12. Citizens are advised to monitor their financial accounts for suspicious activity and report any unrecognized charges to their bank and/or law enforcement authorities.
13. A dedicated call center has been set up to address concerns related to the security incident, reachable at (877) 618-3659, Monday to Friday, 9 AM to 9 PM ET.