About 1.3 million people were affected by a data breach in Maine earlier this year, the state revealed on Thursday.
The breach was part of a massive cyberattack in May that exploited a vulnerability in the widely used MOVEit file-transfer system. Several U.S. federal agencies, including the Department of Energy and Department of Health and Human Services (HHS), were also impacted.
Maine, which has a population of about 1.38 million, said that the affected data included names, Social Security numbers, dates of birth, driver’s license or state identification numbers, taxpayer identification numbers, medical information and health insurance information.
More than 50 percent of data from Maine’s Department of Health and Human Services and between 10 percent and 30 percent of data from the state’s Department of Education were affected by the incident. Several other departments were also impacted to lesser extents.
The state said it “blocked internet access to and from the MOVEit server” and implemented security measures recommended by the company that owns the tool as soon as it became aware of the data breach.
It also brought in “external cybersecurity experts to investigate the nature and scope of the incident” and conducted an “extensive” investigation to identify what information had been impacted.
People whose Social Security numbers or taxpayer identification numbers were involved in the breach can receive two years of credit monitoring and identity theft protection services, according to Thursday’s press release.
The attack was reportedly orchestrated by a Russian ransomware group and has impacted over 70 million people worldwide, according to a running tally by the anti-malware company Emsisoft.
The breach also compromised some 6 million records at the Louisiana Department of Motor Vehicles and affected about 4 million people through the Colorado Department of Health Care Policy and Financing and 3.5 million others through the Oregon Department of Transportation.
Go to Source
Author: Julia Shapero