(CTN News) – The State of Maine has suffered a security breach after threat actors exploited a vulnerability in the MOVEit file transfer tool to access the personal information of about 1.3 million people, which is about half of the state’s entire population.
The Clop ransomware gang exploited a zero-day vulnerability in MOVEit software on May 27, 2011 as part of a massive data theft campaign.
Besides Maine state agencies, thousands of organizations worldwide have used Progress Software’s data transfer software over the past few years.
A press release issued by the State of Maine on May 31, 2023 described MOVEit as a third-party file transfer tool, owned by Progress Software, that thousands of entities worldwide use to send and receive data.
Information belonging to 1.3 million individuals, including minors, has been exposed and consists of the following types of data:
Full name
Social Security number (SSN)
Date of birth
Driver’s license
State identification number
Taxpayer identification number
Health insurance information
The set of data types exposed differs for each individual, depending on their interactions with Maine’s state agencies during their lifetime.
In terms of the number of employees affected, Maine’s Department of Health and Human Services was the most affected, followed by Maine’s Department of Education.
The MOVEit breach has also affected the following departments, although to a lesser extent: Administrative and Financial Services, Workers’ Compensation, Bureau of Motor Vehicles, Corrections, Economic and Community Development, Professional and Financial Regulation, and Labor.
The delay in notifying the public about the exposure of sensitive data is understood to be a result of the thorough investigation the State of Maine carried out beforehand.
Notifications will be sent to all affected citizens whose Social Security numbers or tax information were exposed, along with instructions on how to sign up for free two-year credit monitoring and identity theft protection services.
We recommend that recipients regularly monitor their financial accounts for any suspicious activity or charges they do not recognize, and report any to their bank or law enforcement authorities as soon as possible.
Maine has also established a dedicated call center to handle people’s concerns about this security incident, which can be reached at (877) 618-3659 (Monday to Friday, 9 AM to 9 PM Eastern Time).