Maine State Agencies Fall Victim to Ransomware Hack

Maine’s state agencies are the latest victims in the far-reaching MOVEit file transfer tool hack.

The state agencies of Maine had fallen victim to cybercriminals who exploited a vulnerability in the MOVEit file transfer tool, making them the latest addition to the growing list of entities affected by the massive hack involving the software. In a notice the government has published about the cybersecurity incident, it said the event impacted approximately 1.3 million individuals, which basically make up the state’s whole population. The state first caught wind of the software vulnerability in MOVEit on May 31 this year and found that cybercriminals were able to access and download files from its various agencies on May 28 and 29.

While the nature of stolen data varies per person based on their interaction with a particular agency, the notice says that the bad actors had stolen names, Social Security numbers, birthdates, driver’s license and state identification numbers, as well as taxpayer identification numbers. In some cases, they were also able to get away with people’s medical and health insurance information. Over 50 percent of the stolen data came from the Maine Department of Health and Human Services, followed by the Maine Department of Education.

Cybercriminals Targeting Government Agencies and Companies

Cybercriminals exploiting the vulnerability haven’t only been targeting the government, but also companies around the world. The Clop ransomware gang, believed to be behind the series of incidents, has taken credit for the hack of the New York City Department of Education, where the personal information of approximately 45,000 students was stolen. Another victim is Maximus Health Services, Inc., a US government contractor, whose breach has been the largest MOVEit-related incident to date. The Securities and Exchange Commission is currently investigating MOVEit creator, Progress Software, regarding the hack.

Protecting Residents of Maine

The state government quickly took action to protect its residents once it became aware of the ransomware attack. Internet access to and from the MOVEit server was immediately blocked. However, since personal information had already been compromised, the state is offering two years of complimentary credit monitoring and identity theft protection services to individuals whose Social Security numbers and taxpayer identification numbers were stolen.

Source: Basically all of Maine had data stolen by a ransomware gang