Topics

Latest

AI

Amazon

Article image

Image Credits:Nancy Lane / Boston Herald / Getty Images

Apps

Biotech & Health

mood

a blue roadsign that says “Welcome to Maine, the way life should be” on a road with a car driving past, on a dark and slightly rainy day with a large field and house in the background.

Image Credits:Nancy Lane / Boston Herald / Getty Images

Cloud Computing

Commerce

Crypto

Enterprise

EVs

Fintech

Fundraising

gismo

Gaming

Google

Government & Policy

ironware

Instagram

Layoffs

Media & Entertainment

Meta

Microsoft

Privacy

Robotics

surety

Social

infinite

startup

TikTok

transit

Venture

More from TechCrunch

Events

Startup Battlefield

StrictlyVC

Podcasts

Videos

Partner Content

TechCrunch Brand Studio

Crunchboard

adjoin Us

The politics of Maine has confirmed over a million individuals had personal info stolen in a data point break earlier this year by a Russia - linked ransomware gang .

Ina statement published Thursday , the Maine government say hacker exploited a exposure in its MOVEit file - transferee system , which stored sore information on state residents . The drudge used the exposure to access and download files belonging to sure United States Department of State bureau between May 28 and May 29 , the statement read .

The Maine politics said it was discover the incident and notifying affected person as its assessment of the impacted files “ was recently completed . ”

Maine said that the stolen information may include a person ’s name , engagement of birth , Social Security act , driver ’s licence and other state or taxpayer designation numbers . Some individuals had medical and health insurance policy information accept .

Thestatementsaid the state holds information about house physician “ for various reasons , such as residency , employment , or fundamental interaction with a land agency , ” and that the data it make varies by person .

harmonise to the province ’s breakdown of which delegacy are involve , more than half of the stolen data point link up to Maine ’s Department of Health and Human Services , with up to about a third of the datum feign the Maine ’s Department of Education . The remaining data affects various other way , include Maine ’s Bureau of Motor Vehicles and Maine ’s Department of Corrections , though the government mark that the crack-up of information is subject to modification .

It ’s not known how late the stolen data point is or what years the stolen data point touch to .

Join us at TechCrunch Sessions: AI

Exhibit at TechCrunch Sessions: AI

Although more than 1.3 million people live in the state , Maine governing representative Sharon Huntley tell apart TechCrunch by email on Friday that the breach is “ not a match to the current population and out of country hoi polloi were expose as well . ”

In itsdata breach noticefiled with its own lawyer full general ’s office , Maine ’s government said 534,194 individuals — or 40 % of all those affected — are state residents .

The Maine res publica governance is the latest victim to disclose a breach related to the MOVEit mass nag , opine to be thelargest hacking incident of the yearby the numbers of victims alone .

MOVEit systems are Indian file transfer servers used by grand of organizations around the world to move large bent of often - tender data over the internet . In May , the system ’s maker Progress Software fixed a exposure that earmark cybercriminals — specificallythe ill-famed Clop ransomware and extortion bunch — to mass - hack MOVEit servers around the mankind and slip the client ’ raw data salt away inside .

accord to cybersecurity firm Emsisoft , which has beentracking the mass exploitation , more than 2,500 organizations have disclosed MOVEit - related data breaches , affecting at least 69 million people — though the on-key number is likely to be far gamy as more establishment come ahead .

Emsisoft list Maine ’s security incident as the eleventh largest MOVEit - related breach disclosed at the clip of writing , behindOntario ’s birth register ; the nation ofColorado , Oregon , and Louisiana ; andU.S. political science contractor Maximus . SeveralU.S. Union agencieswere also affect including the U.S. Department of Energy .

Clop has not yet listed Maine on its leak site as it has with other MOVEit - link up victim . Ransomware gangs often publish portion of the slip single file toextort formation into pay a ransom money . The Clop work party has previously claimed it delete government data . Cybercriminals are cognize to mislead or straight-out lie if it results in them getting paid , or retain the stolen data if it can be financially valuable elsewhere .

Clop is a Russia - speak ransomware gang , which research worker have linked to previous mountain - hacking incidents call for interchangeable file transfer putz , includingFortra ’s GoAnywhere file transfer of training toolandAccellion ’s file transfer app .

Last week , Progress Softwaresaid in a regulatory filingthat the U.S. Securities and Exchange Commission had subpoena the company look for “ various documents and information ” related to the MOVEit vulnerability . Progress said it intends to “ cooperate in full ” with the SEC ’s investigation .

update the first paragraph to clarify that Clop is linked to , but not needs backed by Russia , and on Friday with additional inside information from Maine ’s voice .

MOVEit , the biggest hack of the class , by the numbers game