State of Maine Confirms Impact in Global MOVEit Cyberattack

The state of Maine said several of its government agencies had been hacked in the Clop ransomware group’s sweeping cyberattack on MOVEit servers that affected thousands of organizations and millions of people worldwide.

See Also: Live Webinar | Generative AI: Myths, Realities and Practical Use Cases

The Maine departments of Education and Health and Human Services are among the state agencies most affected by the data-stealing attack in late May, according to a Friday press release. The ransomware group used an injection flaw vulnerability to breach Progress Software’s MOVEit file transfer tool that a wide variety of public and private sector organizations use for secure file transfer services.

The state said it took immediate steps to secure its systems and blocked internet access to MOVEit servers as soon as officials became aware of the incident. Maine is just the latest in an ever-growing list of high-profile victim organizations affected by the global cyberattack, including federal agencies, such as the departments of Energy and Agriculture, and major corporations, including Shell and American Airlines (see: Data Breach Toll Tied to Clop Group’s MOVEit Attack Surges)

Maine determined that approximately 1.3 million individuals were affected in its MOVEit incident. The state has just over 1.3 million residents, according to the most recent U.S. Census data.

Security firm Emsisoft reported that 2,588 organizations have been affected by the MOVEit breach as of Friday. The breach has affected more than 69 million people worldwide. Education, health and finance and professional services sectors are among the most heavily affected in the global breach and U.S. organizations account for more than 78% of known victims.

On Wednesday, Microsoft said the Russian-speaking ransomware gang has begun to target a zero-day vulnerability within SysAid on-premises software. SysAid said it “immediately began communicating with our on-premises customers about the matter” and implemented a workaround solution “as quickly as possible.” The full extent of the impact remains unclear (see: MOVEit Hackers Turn to SysAid Zero-Day Bug)

Maine urged individuals to review their online accounts for suspicious activity and to order credit reports and contact law enforcement if their sensitive information has been stolen.