The state agencies of Maine have become the latest victims of cybercriminals who exploited a vulnerability in the MOVEit file transfer tool. This incident has added Maine to the growing list of entities affected by the massive hack involving the software. According to a notice published by the Maine government, the cybersecurity incident impacted approximately 1.3 million individuals, which essentially comprises the entire population of the state.
The state first discovered the software vulnerability in MOVEit on May 31st of this year. Upon investigation, it was determined that cybercriminals had accessed and downloaded files from various agencies on May 28th and 29th. The stolen data varies per person based on their interaction with a particular agency. The notice revealed that the bad actors had stolen names, Social Security numbers, birthdates, driver’s license and state identification numbers, as well as taxpayer identification numbers. In some cases, individuals’ medical and health insurance information was also compromised. More than 50 percent of the stolen data came from the Maine Department of Health and Human Services, followed by the Maine Department of Education.
Upon learning of the incident, the state government promptly blocked internet access to and from the MOVEit server. Despite this action, individuals’ information had already been stolen. As a result, the government is offering two years of complimentary credit monitoring and identity theft protection services to those whose Social Security numbers and taxpayer numbers were compromised.
According to a report by TechCrunch, the Clop ransomware gang, which is believed to be behind previously reported incidents, has not yet released data stolen from Maine’s agencies. Clop was also responsible for a previous hack involving the New York City Department of Education, where the information of approximately 45,000 students was stolen.
The cybercriminals exploiting the vulnerability in MOVEit have targeted not only the government but also companies around the world. For instance, Sony and Maximus Health Services, Inc., a US government contractor, have both been affected by similar incidents. In fact, the breach at Maximus Health Services, Inc. has been reported as the biggest MOVEit-related incident thus far.
The Securities and Exchange Commission is actively investigating MOVEit creator Progress Software. The SEC has sent the company a subpoena and is currently in the “fact-finding inquiry” phase of its probe.
This recent cyberattack on Maine’s state agencies is just the latest in a series of high-profile incidents involving the exploitation of the MOVEit software vulnerability. It is becoming increasingly clear that cybercriminals are actively targeting organizations and government entities, posing a significant threat to the security of sensitive data worldwide. As the investigation into the incident continues, it is imperative for all organizations to remain vigilant and prioritize cybersecurity measures to protect against future attacks.