The State of Maine is the newest entity to reveal vital influence from the cyberattack focusing on a zero-day in Progress Software program’s MOVEit file switch software earlier this 12 months.
By exploiting the vulnerability, described as a vital unauthenticated SQL injection concern, a infamous ransomware gang accessed information transferred via the MOVEit software program.
Thus far, greater than 2,500 organizations and over 69 million people have been affected by the MOVEit hack, information from cybersecurity agency Emsisoft reveals.
Of the affected people, 1.3 million are Maine residents, the State of Maine introduced on Thursday, saying it has accomplished its investigation into the compromised information.
The attackers accessed private info corresponding to names, dates of delivery, Social Safety numbers, driver’s license/state identification numbers, and taxpayer identification numbers, and, in some instances, medical info and medical health insurance info, the State of Maine says.
“The State of Maine could maintain details about people for varied causes, corresponding to residency, employment, or interplay with a state company. The State additionally engages in information sharing agreements with different organizations to boost the providers it gives to its residents and the general public,” Maine notes.
In a web-based notification, the state reveals that, between Might 28 and Might 29, the attackers accessed and downloaded “recordsdata belonging to sure businesses within the State of Maine” via Maine’s MOVEit server, with no different programs being compromised.
The Maine Division of Well being and Human Providers was impacted probably the most, as greater than 50% of the stolen recordsdata belonged to it, with the Maine Division of Schooling being second most affected (proudly owning 10-30% of the recordsdata).
“As quickly because the State grew to become conscious of the incident, the State took steps to safe its info, together with by blocking web entry to and from the MOVEit server,” the State of Maine says.
Maine has began notifying the impacted people and is offering them with complimentary credit score monitoring and id theft safety providers.
