Russian gang’s hack in Maine affected personal data of 1.3 million people


More than 1 million people who had contact with Maine state agencies have been caught up in a Russian gang’s international cybersecurity breach, potentially exposing their Social Security numbers, dates of birth and other confidential information, state officials said Thursday.

The Department of Administrative and Financial Services is notifying people who may have been affected by what it called a “global cybersecurity incident” that occurred May 28 and May 29 involving the file transfer tool MOVEit. The state is among several thousand organizations affected by a software vulnerability that allowed cybercriminals to access and download data, the state said in an announcement about the breach. It affected industries such as insurance, finance, education, health and government.

The breach, which affected 1.3 million people, exposed data on more than half of the state Department of Health and Human Services workers and between 10% and 30% of the employees at the Department of Education. Maine’s population is 1.37 million people.

Other affected agencies are the Office of the Controller, Workers’ Compensation, Bureau of Motor Vehicles, Department of Corrections, Department of Economic and Community Development, Bureau of Human Resources, Department of Professional and Financial Regulation, and the Bureau of Unemployment Compensation.

Once the breach was discovered, the state sought to identify people whose information might have been compromised. The assessment of those affected took months and was recently completed. The state is now notifying individuals using a press release issued nationwide, the U.S. Postal Service and email.

The exploited program, MOVEit, a file-transfer platform made by Progress Software Corp., is widely used by businesses to share files, The Associated Press reported in June. The breach was blamed on a Russian cyber-extortion gang’s hack of a file-transfer program popular with corporations and governments.

The incident in May was specific and limited to Maine’s MOVEit server and did not impact any other state networks or systems, according to information posted on the state’s website.

Maine agencies hold information about…
