Home > Tech

An entire state's population just had its data stolen by a ransomware group

The data breach impacts about 1.3 million people.
By Matt Binder  on 
Share on Facebook Share on Twitter Share on Flipboard
Hacker on computer
A ransomware group breached a system used by the government of Maine and access 1.3 million individuals' personal data. Credit: GETTY

It's not everyday that roughly the entire population of a U.S. state gets their data stolen by online thieves.

But, according to the state of Maine, that's what happened this year.

In a new notice posted on Maine's official state government website, 1.3 million residents have had their data stolen due to a vulnerability in a tool used by the state. The breach was first discovered on May 31 of this year. It is believed that a notorious ransomware group is behind the attack.

Again, 1.3 million individuals are affected in this data breach. Maine has over 1.3 million residents according to the 2022 U.S. Census.

SEE ALSO: 23andMe may have suffered yet another breach – your data is in jeopardy

According to the notice, the data breach occurred between May 28 and May 29 of this year. Cyber criminals took advantage of a "software vulnerability" in a third-party file transfer tool known as MOVEit. The state says that this tool is "used by thousands of entities worldwide to send and receive data." During that period, an exploit in the tool was weaponized by a cybercriminal group which was able to download swaths of data from multiple state government agencies. 

Just how much data was scooped up in this breach is a major cause for concern. It appears that these cybercriminals have access to many Maine residents' sensitive personal data. Exactly how each individual is affected is dependent on that person and their "association with the state." For example, if a specific person has provided certain data as part of a specific program connected to an agency, that data has potentially been breached.

Maine has confirmed that some points of data that the cybercriminals could potentially have on an individual includes their name, Social Security number, date of birth, driver’s license or state ID number, and taxpayer ID number. Medical information as well has health insurance information may also have been affected.

Officials in Maine dealt with the issue by shutting off access to MOVEit as soon as the breach was discovered. However, significant amounts of data had already been accessed. It's unclear exactly who was behind the breach, although it is believed to be a cybercriminal group known as Clop. However, as of today, that data has still yet to be released by the ransomware group.

The state says that individuals should reach out to the state for more information as to how they've potentially been affected. Maine has set up a website with details for residents here.

UPDATE: Nov. 12, 2023, 9:28 a.m. EST While a ransomware group is believed to be behind the attack, the data breach occurred due to a vulnerability discovered within MOVEit. This post has been updated to specify that.

Topics Cybersecurity

Recommended For You
23andMe may have suffered yet another breach – your data is in jeopardy
By Tim Marcin
ChatGPT revealed personal data and verbatim text to researchers
By Cecily Mauran
How to watch U.S. Netflix from anywhere in the world
By Joseph Green
Google Drive: Users are reporting that their files have disappeared
By Cecily Mauran
'GTA 6' trailer: It's finally here, and it looks amazing
By Amanda Yeo
Trending on Mashable
NASA will land daring spacecraft on a world 800 million miles away
By Mark Kaufman
NYT Connections today: See hints and answers for December 8
By Mashable Team
NYT Connections today: See hints and answers for December 7
By Mashable Team
Wordle today: Here's the answer and hints for December 8
By Mashable Team
The 10 best books of the year, according to BookTok
By Christianna Silva and Elena Cavender
The biggest stories of the day delivered to your inbox.
This newsletter may contain advertising, deals, or affiliate links. Subscribing to a newsletter indicates your consent to our Terms of Use and Privacy Policy. You may unsubscribe from the newsletters at any time.
Thanks for signing up. See you at your inbox!