The State of Maine has become the latest victim to reveal the significant impact of a cyberattack targeting a zero-day vulnerability in Progress Software’s MOVEit file transfer tool earlier this year. The exploit, identified as a critical unauthenticated SQL injection issue, allowed a notorious ransomware gang to gain unauthorized access to data transferred through MOVEit software.
As per cybersecurity firm Emsisoft, the scope of the MOVEit hack extends to over 2,500 organizations and a staggering 69 million individuals. Of this vast number, 1.3 million are residents of Maine, as disclosed by the state following the completion of its investigation into the compromised data.
The attackers, leveraging the SQL injection vulnerability, accessed a trove of personal information, including names, dates of birth, Social Security numbers, driver’s license/state identification numbers, taxpayer identification numbers, and, in some instances, medical and health insurance information.
In an official notification, the State of Maine revealed that the breach occurred between May 28 and May 29. During this time frame, the attackers successfully accessed and downloaded files from specific state agencies through Maine’s MOVEit server. Importantly, the breach was contained to the MOVEit server, with no compromise of other systems reported.
The impact was most pronounced on the Maine Department of Health and Human Services, which accounted for over 50% of the stolen files. The Maine Department of Education followed, with ownership of 10-30% of the compromised files.
Upon detecting the incident, the State promptly took measures to secure its information, including blocking internet access to and from the MOVEit server. The affected individuals are being notified, and the State of Maine is offering complimentary credit monitoring and identity theft protection services as part of its response to the breach.
This cyberattack highlights the persistent threats faced by organizations and underscores the critical need for robust cybersecurity measures to safeguard sensitive information from evolving cyber threats. As the affected entities work to contain the fallout, the incident serves as a stark reminder of the growing challenges in the digital landscape.
Dimitris is an Information Technology and Cybersecurity professional with more than 20 years of experience in designing, building and maintaining efficient and secure IT infrastructures.
Among others, he is a certified: CISSP, CISA, CISM, ITIL, COBIT and PRINCE2, but his wide set of knowledge and technical management capabilities go beyond these certifications. He likes acquiring new skills on penetration testing, cloud technologies, virtualization, network security, IoT and many more.
