- Maine officials told residents their data may have been hacked
- The state is home to 1.37 million people and 1.3 million people have had their data stolen
- READ MORE: Russian hackers blamed for massive cyberattack
Data of 1.3 million people living in Maine was stolen in an international cybersecurity breach by a Russian gang; the state has 1.37 million inhabitants.
The Department of Administrative and Financial Services is notifying residents of the incident, revealing their dates of birth, driver’s license numbers, social security numbers, and health and medical information that may have been stolen during the hack.
The attack was a “global cybersecurity incident” on May 28 and 29 involving the file transfer tool MOVEit, which also saw access to 632,000 US federal employees within the US Departments of Defense and Justice during the breach.
Other government agencies, large pension funds and private companies have also been affected.
The state said it was beginning to take steps to fix the vulnerability and was contacting experts and legal counsel.
Data belonging to 1.3 million people living in Maine was stolen in an international cybersecurity breach by a Russian gang
It is thought that the Russian hackers were able to exploit a flaw in a software app called MOVEit Transfer, which is used by companies around the world to transfer files.
In late May, the Russian-speaking hacker gang known as CLOP began taking advantage of a new flaw, or exploit, discovered in a widely used file transfer software known as MOVEit.
The hackers appeared to penetrate as many vulnerable organizations as they could identify.
“This event has had a global impact and affected thousands of organizations, including certain agencies in the state of Maine.
“While affected individuals may be notified individually of this incident, we are sharing the details broadly on our website. Please visit this website for the latest updates regarding this incident.”
The state created one website dedicated to the infringement.
People are encouraged to call a toll-free number to check if their critical information can be accessed.
If so, the state will provide free credit monitoring.
The breach also affected several agencies: the Office of the Controller, Workers’ Compensation, Bureau of Motor Vehicles, Department of Corrections, Department of Economic and Community Development, Bureau of Human Resources, Department of Professional and Financial Regulation, and the Bureau of Unemployment. A compensation.
More than 40 percent of the staff at the Maine Department of Health and Human Services were affected, up to 30 percent at the Maine Department of Education, and the others were affected by less than one percent.
“Some departments/agencies/divisions, including the Maine Revenue Services, the Center for Disease Control & Prevention and the Department of Public Safety – Gambling Control Unit, had fewer than 10 individuals affected by the incident, the official website said.
Maine is only now announcing the breach to residents, but the public has known about the group’s attacks since June.
The Department of Energy and several other federal agencies were compromised in the same attack.
Other victims included Louisiana’s Office of Motor Vehicles, Oregon’s Department of Transportation, the provincial government of Nova Scotia, British Airways, the British Broadcasting Company and the British drugstore chain Boots.
The parent company of MOVIEit’s US maker, Progress Software, alerted customers to the breach on May 31 and released a patch.
But cybersecurity researchers said dozens, if not hundreds, of companies had likely quietly exfiltrated sensitive data by then.