The state of Maine experienced a data breach in May that impacted approximately 1.3 million people, affecting personal data including names, Social Security numbers, and health insurance information. The breach was part of a larger cyberattack that exploited a vulnerability in the MOVEit file-transfer system, which also affected several U.S. federal departments. The state has since implemented recommended security measures, launched an investigation into the incident, and is offering two years of credit monitoring and identity theft protection services to those affected.
Maine Reveals Data Breach Impacting 1.3 Million People
The state of Maine revealed on Thursday that a data breach earlier this year impacted about 1.3 million people. The breach occurred in May and was part of a colossal cyberattack that exploited a vulnerability in the extensively used MOVEit file-transfer system. Several U.S. federal agencies, such as the Department of Energy and Department of Health and Human Services (HHS), were also affected.
Nature of the Breached Data
The compromised data in Maine, with a population of approximately 1.38 million, included names, Social Security numbers, birth dates, driver’s license or state ID numbers, taxpayer identification numbers, medical data, and health insurance details. Over 50% of data from Maine’s Department of Health and Human Services and between 10% and 30% of data from the state’s Department of Education were compromised during the cyberattack. Several other departments faced the attack to a lesser degree.
Response to the Data Breach
Upon learning about the breach, Maine immediately blocked internet access to and from the MOVEit server, and enforced security measures suggested by the owning company. The state also enlisted external cybersecurity experts to investigate the scope and nature of the incident and conducted a comprehensive investigation to identify the impacted information.
Victims whose Social Security numbers or taxpayer identification numbers were involved in the breach are eligible for two years of credit monitoring and identity theft protection services, as stated in Thursday’s press release.
Global Impact of the Cyberattack
Reportedly organized by a Russian ransomware group, the attack has affected over 70 million people globally, as per an ongoing count by anti-malware company Emsisoft. The breach also compromised approximately 6 million records at the Louisiana Department of Motor Vehicles and impacted about 4 million people via the Colorado Department of Health Care Policy and Financing, and 3.5 million others through the Oregon Department of Transportation.