MOVEit Data Breach Hits Maine: 1.3 Million Individuals Affected

The government of Maine recently disclosed that approximately 1.3 million residents fell victim to a massive data breach earlier this year, out of a population of 1.37 million. The breach, which occurred in May, was part of a widespread cyberattack that exploited a vulnerability in the widely used MOVEit file-transfer system, impacting not only Maine but also several U.S. federal agencies, including the Department of Energy and the Department of Health and Human Services (HHS).

The compromised data, as detailed by Maine officials, encompassed sensitive information such as names, Social Security numbers, dates of birth, driver’s license or state identification numbers, taxpayer identification numbers, medical records, and health insurance details. This extensive breach underscores the severity of the cyberattack, exposing a wealth of personal and confidential data.

Maine's Department of Health and Human Services bore the brunt of the breach, with over 50 percent of the exposed data originating from this department. The state's Department of Education, along with several other departments, also suffered significant impacts, with data exposure ranging from 10 to 30 percent.

In response to the breach, Maine took immediate action by blocking internet access to and from the compromised MOVEit server. Additionally, the state implemented security measures recommended by the tool's owning company. The gravity of the situation prompted the engagement of external cybersecurity experts to investigate the nature and scope of the incident thoroughly. An extensive inquiry was conducted to identify the specific information that had been compromised.

The cyberattack, reportedly orchestrated by a Russian ransomware group, has had global ramifications, impacting more than 70 million people worldwide, according to anti-malware company Emsisoft. The fallout from the breach extended beyond Maine, affecting approximately 6 million records at theLouisiana Department of Motor Vehicles and impacting around 4 million people through the Colorado Department of Health Care Policy and Financing. Furthermore, an additional 3.5 million individuals were affected through the Oregon Department of Transportation.

Individuals affected by the breach, particularly those whose Social Security numbers or taxpayer identification numbers were exposed, are eligible to receive two years of credit monitoring and identity theft protection services, according to the official press release issued on Thursday.

As the affected entities grapple with the aftermath of this large-scale breach, questions arise about the overall security infrastructure in place and the collective efforts needed to combat the escalating threat landscape in the realm of cyberspace.

The GRC Report is the first word in governance, risk, and compliance news. As your trusted source for comprehensive coverage, the GRC Report keeps you informed and equipped to navigate the evolving landscape of governance, risk, and compliance. And remember, the GRC Report isn't just a news source; it's a community of professionals who share your passion for GRC excellence. Don't miss out on our insightful articles and breaking news – join the conversation and empower your GRC journey.