Nearly all people in US state of Maine affected by Moveit hack

/in


A statement issued by the government of Maine in the US notified 1.3m residents that their personal data may have been stolen in a cyberattack in May.

Nearly the entire population of the US state of Maine has fallen victim to the latest Moveit hack after the personal information of 1.3m was stolen by criminals.

First reported in June, the global Moveit breach, in which hackers exploit a zero-day vulnerability in the file transfer software, has affected companies and government agencies on both sides of the Atlantic, including banks, universities, insurance and healthcare providers.

One of the first incidents announced affected 45,000 students in the New York City Department of Education system. The agency revealed that students’ personal information, such as social security numbers and birth dates, was stolen.

In July, the hack hit closer to home, after Dublin Airport became the latest victim of the cyberattack. Pay and benefits information of some Dublin Airport employees was compromised in a third-party cyberattack affecting Aon, airport management company DAA confirmed to SiliconRepublic.com at the time.

Microsoft attributed the hack exploiting the Moveit zero-day vulnerability to Lace Tempest, a reportedly Russian-speaking cybercrime group known for similar ransomware operations and running the Clop extortion site, which was also responsible for the GoAnywhere MFT attack in March.

Now, 1.3m residents of Maine in north-eastern US have been notified by the state government that they have been impacted by a cyberattack after a “software vulnerability” was exploited by a group of hackers who accessed and downloaded files belonging to agencies in the state.

A statement issued by the government read that the incident happened between 28 and 29 May 2023.

“The state of Maine has determined that this incident has impacted approximately 1.3m individuals, with the type of data affected differing from person to person,” it read.

“The state encourages individuals to reach out to its dedicated call centre to verify if they were affected and, if so, to identify what specific data of theirs was involved.”

Types of data stolen as part of…

Source…