Maine Falls Victim to Statewide Ransomware Attack, Thousands of Records Compromised

The state agencies of Maine were targeted by cybercriminals who exploited a vulnerability in the MOVEit file transfer tool, resulting in approximately 1.3 million individuals being affected. The stolen data includes names, Social Security numbers, birthdates, driver’s license and state identification numbers, taxpayer identification numbers, and in some cases, medical and health insurance information. The Maine Department of Health and Human Services and the Maine Department of Education were the most affected agencies. The state government has blocked internet access to and from the MOVEit server and is providing two years of complimentary credit monitoring and identity theft protection services to those whose information was compromised. The Clop ransomware gang, believed to be responsible for the attacks, has yet to release the stolen data. Other entities affected by the vulnerability include the New York City Department of Education, Sony, and Maximus Health Services, Inc. The Securities and Exchange Commission is investigating MOVEit creator Progress Software.