Photo:
‘Maine’s state agencies fall prey to the extensive breach of MOVEit file transfer tool.’
The state agencies of Maine have recently fallen victim to a cyberattack, adding to the growing number of entities affected by a major hack involving the MOVEit file transfer tool. According to a notice published by the government, approximately 1.3 million individuals, which is equivalent to the state’s entire population, have been impacted by the cybersecurity incident. The state first became aware of the vulnerability in MOVEit on May 31, and it was discovered that cybercriminals had accessed and downloaded files from various agencies on May 28 and 29.
The stolen data varies depending on the individual’s interaction with a particular agency, but the hackers were able to obtain names, Social Security numbers, birth dates, driver’s license and state identification numbers, as well as taxpayer identification numbers. In some cases, medical and health insurance information was also compromised. The majority of the stolen data, over 50 percent, came from the Maine Department of Health and Human Services, followed by the Maine Department of Education.
As a response to the incident, the state government immediately blocked internet access to and from the MOVEit server. However, since the cybercriminals had already obtained residents’ information, the government is offering two years of complimentary credit monitoring and identity theft protection services to individuals whose Social Security numbers and taxpayer numbers were compromised. It is worth noting that the Clop ransomware gang, believed to be responsible for previous incidents, has not yet released the stolen data from Maine’s agencies.
This cyberattack is part of a larger trend, as cybercriminals have been targeting not only government agencies but also companies worldwide. Sony, for example, has also been a victim of such attacks. Maximus Health Services, Inc., a US government contractor, experienced the biggest MOVEit-related incident to date.
The Securities and Exchange Commission is currently investigating Progress Software, the creator of MOVEit, although it has only recently issued a subpoena to the company and is still in the early stages of its fact-finding inquiry.