You know you’re having a bad day when you find out that nearly all the citizens of your state might have just had private data stolen. I’m sure that’s how the state government of Maine feels now they know the extent of a recent ransomware attack.
State agencies in Maine had become the latest victim to a ransomware gang. They used a heavily exploited vulnerability in the MOVEit file transfer tool. They shouldn’t feel so bad, though, as they are only the latest in a long list of organizations that have been bitten by this particular bug.
A notice was released from the government stating that the hack impacted nearly 1.3 million people. As of 2020, the population of Maine is 1,362,359 according to Wikipedia. They state that they were made aware of the cybercriminals on May 31. The bad actors had been rummaging through their systems on May 28 and 29.
Because of the severity of the attack, the data that was stolen various from person to person. This is due in large part to the hit being on multiple agencies and who utilized which agency. The gang at least has names, social security numbers, birthdates, driver’s license and state ID numbers and tax ID numbers. Some people’s medical and health insurance information may have been scooped up because Health and Human Services got hit.
The state government said they moved to block internet access to the MOVEit server, but, by then, the damage was already done. They will be offering two years of complimentary credit monitoring and identity theft protection services whose SSNs and tax ID numbers were stolen.