An entire state's population just had its data stolen by a ransomware group

It's not everyday that roughly the entire population of a U.S. state gets their data stolen by online thieves.

But, according to the state of Maine, that's what happened this year.

In a new notice posted on Maine's official state government website, 1.3 million residents have had their data stolen due to a vulnerability in a tool used by the state. The breach was first discovered on May 31 of this year. It is believed that a notorious ransomware group is behind the attack.

Again, 1.3 million individuals are affected in this data breach. Maine has over 1.3 million residents according to the 2022 U.S. Census.

According to the notice, the data breach occurred between May 28 and May 29 of this year. Cyber criminals took advantage of a "software vulnerability" in a third-party file transfer tool known as MOVEit. The state says that this tool is "used by thousands of entities worldwide to send and receive data." During that period, an exploit in the tool was weaponized by a cybercriminal group which was able to download swaths of data from multiple state government agencies. 

Just how much data was scooped up in this breach is a major cause for concern. It appears that these cybercriminals have access to many Maine residents' sensitive personal data. Exactly how each individual is affected is dependent on that person and their "association with the state." For example, if a specific person has provided certain data as part of a specific program connected to an agency, that data has potentially been breached.

Maine has confirmed that some points of data that the cybercriminals could potentially have on an individual includes their name, Social Security number, date of birth, driver’s license or state ID number, and taxpayer ID number. Medical information as well has health insurance information may also have been affected.

Officials in Maine dealt with the issue by shutting off access to MOVEit as soon as the breach was discovered. However, significant amounts of data had already been accessed. It's unclear exactly who was behind the breach, although it is believed to be a cybercriminal group known as Clop. However, as of today, that data has still yet to be released by the ransomware group.

The state says that individuals should reach out to the state for more information as to how they've potentially been affected. Maine has set up a website with details for residents here.

UPDATE: Nov. 12, 2023, 9:28 a.m. EST While a ransomware group is believed to be behind the attack, the data breach occurred due to a vulnerability discovered within MOVEit. This post has been updated to specify that.