AUGUSTA, Maine – The State of Maine is notifying individuals that it was affected by the global cybersecurity incident concerning the file transfer tool, MOVEit. The State is among several thousand organizations impacted by the software vulnerability in MOVEit which allowed cybercriminals to access and download data. This global incident affected a wide range of industries, including insurance, finance, education, health, and government.
Like many entities globally, the State of Maine utilizes MOVEit, a data transfer tool owned by Progress Software, for sending and receiving data. Upon learning of the software vulnerability on May 31, 2023, the State promptly:
- Implemented measures to protect its information. These steps included blocking internet access to and from the MOVEit server and applying the security measures recommended by Progress Software to patch the vulnerability.
- Engaged the service of outside legal counsel.
- Sought the expertise of external cybersecurity professionals to investigate the scope of impact.
- Carried out an extensive evaluation to identify the individuals whose information may have been impacted. This thorough assessment was a critical component of Maine's response, as it facilitated the State in providing notifications to those who may have been affected.
- Communicated with law enforcement concerning the incident.
The State of Maine’s assessment of the impacted files was recently completed, and the State is actively notifying the impacted individuals through various communication channels, including through a nationwide media press release, letter mail and/or email. The State has also established a dedicated website, www.maine.gov/moveit-global-data-security-incident, to provide individuals with the latest information concerning the security incident. A dedicated call center has also been setup for individuals to call with questions relating to the incident.
The State of Maine may hold information about individuals for various reasons, such as residency, employment, or interaction with a state agency. The State also engages in data sharing agreements with other organizations to enhance the services it provides to its residents and the public.
The specific information involved in this incident varies based on the individual and their association with the State. However, the following types of information may have been accessed: name, Social Security number, date of birth, driver’s license/state identification number, and taxpayer identification number. In addition, for some individuals, certain types of medical information and health insurance information may be involved.
Since the onset of the incident, the cybercriminals involved claimed their primary targets were businesses, with a promise to erase data from certain entities, including governments. Despite their assertions that any data obtained from governments has been erased, the State is urging individuals to take steps to protect their personal information.
The State of Maine is offering two years of complimentary credit monitoring and identity theft protection services to individuals whose Social Security numbers or taxpayer identification numbers were involved.
Individuals are encouraged to contact Maine's dedicated call center to find out if their data was involved or if they have questions about this incident. The phone number is (877) 618-3659, with representatives available from Monday to Friday, 9 AM to 9 PM ET. If it is determined that an individual’s Social Security number or taxpayer identification number is involved, the call center will provide the individual with a complimentary credit monitoring code.
Individuals who receive a code for credit monitoring may enroll in the services by calling (866) 622-9303. Representatives are there to assist you from Monday to Friday, 8 AM to 11 PM ET, and on Saturday from 9 AM to 6 PM ET. Adults may also enroll online by visiting https://app.identitydefense.com/enrollment/activate/stme. Minors may be enrolled online by visiting https://app.minordefense.com/enrollment/activate/stemd. Remember to have your code handy when you're ready to enroll.
For the latest information on this incident, please visit www.maine.gov/moveit-global-data-security-incident.