The government of Maine, the most northeastern US state, appears to have become the latest victim of the MOVEit data breach incident.
The state government released a statement claiming that the attackers stole sensitive citizen data between May 28 and 29, 2023, but that it had just finished informing the affected people and disclosing the incident to the relevant authorities.
More than 1.3 million people live in Maine, and the attackers stole sensitive data that could be used for identity theft, wire fraud, phishing and more, including full name, date of birth, Social Security number, driver’s license and other state information. or taxpayer identification numbers. Some people have also had their medical and health insurance information stolen.
Negotiate data release
The government claims it needs this information “for various reasons, such as residency, employment, or interaction with a government agency.”
Maine is not the first public organization or government to fall victim to Cl0p’s MOVEit shenanigans. Ontario Birth Register; the states of Colorado, Oregon and Louisiana; as well as US government contractor Maximus have all ended up on Cl0p’s data breach page. The U.S. Department of Energy, as well as a number of other federal agencies, were also affected. In total, according to some reports, more than 2,500 organizations worldwide were affected by the MOVEit incident.
So far, Cl0p hasn’t listed Maine on its data breach site, meaning the company likely still hasn’t started negotiations on the ransom demand. Ransomware threat actors usually ask for money in cryptocurrency in exchange for not leaking sensitive data on the dark web. This particular threat actor is most likely of Russian origin and is responsible for making September a record month for ransomware infections.