The State of Maine is grappling with a significant cybersecurity incident, as threat actors exploited a vulnerability in the MOVEit file transfer tool, impacting approximately 1.3 million individuals. The breach, orchestrated by the Cl0p ransomware gang, unfolded as part of a broader data theft campaign. The vulnerability, identified on May 31, 2023, allowed cybercriminals to access and download files from specific state agencies between May 28 and May 29.
Furthermore, the compromised data includes sensitive information such as full names, Social Security numbers, dates of birth, driver’s licenses, and health insurance details, with the most affected agencies being Maine’s Department of Health and Human Services and the Maine Department of Education.
At the same time, the State of Maine attributes the delay in public notification to the necessity of conducting a thorough investigation into the breach. Affected citizens, encompassing minors, will receive notifications offering free two-year credit monitoring and identity theft protection services for those whose SSNs or tax information was exposed.
Recipients are advised to remain vigilant, regularly monitoring financial accounts for any suspicious activity and promptly reporting unrecognized charges to their bank or law enforcement. To address concerns, the State of Maine has established a dedicated call center operating Monday to Friday from 9 AM to 9 PM ET.
This breach highlights the pervasive impact of cyber threats on state systems and the critical need for robust cybersecurity measures to safeguard sensitive information and ensure prompt incident response.