Generic filters
Exact matches only
Search in title
Search in content
Filter by Custom Post Type
Posts
Filter by Categories







Maine’s MOVEit Breach: 1.3M Individuals Affected in the US

Executive Summary


A successive MOVEit hack in the US breached data for about 1.3 million individuals.

The State of Maine was the target. The State addresses the fallout by securing affected information, offering credit monitoring services, and establishing a dedicated call center for citizens.

This incident is part of a broader MOVEit hacking campaign conducted by the Cl0p ransomware group. The estimated total financial impact of this campaign is roughly in the billions of dollars.

The MOVEit hacks exploit a vulnerability, CVE-2023-34362 with a CVSS score of 9.8. The successful exploits highlight the widespread vulnerability of file transfer platforms, with severe consequences for organisations and individuals alike.

What Happened

On May 31, 2023, the State of Maine faced a software vulnerability in MOVEit, a third-party file transfer tool widely used globally. Cybercriminals exploited this vulnerability to compromise data belonging to certain State agencies.

The data breach impacted approximately 1.3 million individuals. The type of data accessed by the threat actors varies on the individual and their association with the State. Compromised data may include sensitive information such as the Social Security number (SSN), date of birth, driver’s license/state identification number, taxpayer identification number, medical information, and health insurance information of some individuals.

The State took measures to secure its information. These include limiting MOVEit server access, implementing security measures, engaging legal counsel and external cybersecurity experts, and conducting a thorough investigation. Additionally, a dedicated call center has been established to assist citizens in determining if their data was compromised.

The MoveIt Hacks

The MOVEit hacks extend beyond the State of Maine, as evidenced by a large-scale hacking campaign orchestrated by the Cl0p ransomware group. The campaign targeted the MOVEit Transfer file transfer platform, impacting around 1,000 organizations and 60,144,069 individuals. Notable affected organisations include Maximus, Pôle emploi, Louisiana Office of Motor Vehicles, and others.

Please refer to our previous articles for more information about the MoveIt Hacks:

Cybersecurity firms Emsisoft and Resecurity reported on the extensive reach of the MOVEit campaign. Accordingly, finance, professional services, and education sectors are the most heavily impacted. The financial implications of the breaches are challenging to quantify accurately. However, estimates based on IBM’s “Cost of a Data Breach Report 2023” suggest potential costs reaching billions of dollars.

These attacks underscore the severity and scale of contemporary cybersecurity threats. Robust measures are indeed necessary to safeguard sensitive information and mitigate the far-reaching consequences of such breaches.

RECENT BLOG POSTS

PODCASTS

Cubic Lighthouse is a cybersecurity publication dedicated to demystifying security, making news actionable, providing deeper thinking about the fundamentals of security, and providing decision-makers and the community at large with the right information to make the right decisions. We will also feature more technical articles and provide personal/family security advice.

©2024 Cubic Consulting, a Smart Security Company for your Business – All Rights Reserved.