The MOVEit breach of May 2023 is already on track to become one of the most catastrophic and costly data breaches in recent history. The numbers are still unfolding with the fraudsters announcing new victims frequently. As of September 26, 2023, roughly 62 million individuals have had their identities compromised. The state agencies of Maine are the latest addition to the growing list of entities affected by this massive software hack. In a notice the government of Maine has published about the cybersecurity incident, it said the event impacted approximately 1.3 million individuals. Seems like an insignificant number to the gross number of victims so far. Right? Except the U.S. Census Bureau estimates that the population of Maine was 1,344,212. So let’s say just about everyone in the state of Maine is a victim of identity theft.
The files stolen from the breach contained the sensitive data of state residents, employees, and individuals who received services from state agencies. Which is just about everyone. More than half of the employees affected worked at the state Department of Health and Human Services, and between 10% and 30% worked at the Department of Education. Don’t forget the Department of Motor Vehicles. And the Department of Labor. The list goes on. Again, let’s say just about everyone in Maine is a victim of identity theft.
The breached information included names, dates of birth, driver’s license numbers, Social Security numbers, and health and medical information. Six months after the hack, notification letters are just now being issued and complimentary credit monitoring services have been offered to individuals who had their Social Security numbers exposed or stolen. Seems a little too late? But no one is quick to act here, The Securities and Exchange Commission is just investigating now MOVEit creator Progress Software, though it only just sent the company a subpoena in October and is still in the “fact-finding inquiry” phase of its probe.
Today’s Fraud of The Day is based on article “Maine government says data breach affects 1.3 million residents” published by Tech Crunch on November 9, 2023
The government of Maine has confirmed over a million individuals had personal information stolen in a data breach earlier this year by a Russia-linked ransomware gang.
In a statement published Thursday, the Maine government said hackers exploited a vulnerability in its MOVEit file-transfer system, which stored sensitive data on state residents. The hackers used the vulnerability to access and download files belonging to certain state agencies between May 28 and May 29, the statement read.
