State of Maine Data Breach Exposes Personal Data of 1.3 Million People

State of Maine Data Breach

The US State of Maine has suffered a major data breach that has affected the personal information of around 1.3 million people. This includes names, Social Security numbers (SSN), dates of birth, driver’s licenses, state identification numbers, taxpayer identification numbers, and certain types of medical information and health insurance.

How Did the Data Breach Happen?

The breach was caused by a vulnerability in a secure file transfer service called MOVEit Transfer. This vulnerability is known to be used by the Cl0p ransomware gang. The cybercriminals gained access to the State of Maine’s network between May 28 and 29, 2023, and began downloading files. Progress Software, which makes MOVEit Transfer, issued a patch for the exploited vulnerability on May 31, 2023. However, the patch was not available in time to prevent the breach.

What Information Was Stolen?

The type of stolen data varies from person to person, likely because the data breach affected multiple agencies in the State. More than 50% of the data exposed in the breach came from Maine’s Department of Health and Human Services, while between 10 and 30% came from the state’s Department of Education. The breach also impacted several other departments.

What You Can Do to Protect Yourself

If you are a resident of Maine, you should contact Maine’s dedicated call center to find out if your data was involved in the breach. The phone number is (877) 618-3659, with representatives available from Monday to Friday, 9 AM to 9 PM ET.

If your Social Security Number or taxpayer identification number is involved, the call center will provide you with a complimentary credit monitoring code which give you two years of credit monitoring and identity theft protection services.

You should also be aware of the potential for phishing scams. Scammers may try to contact you and pose as the State of Maine in an attempt to steal your personal information. If someone contacts you about the data breach, make sure to verify their identity before providing them with any information.