Although only 1.3 million people live in a member state the size of Hungary, almost all of them are implicated in the just-announced data theft case.
The state of Maine has uncovered the most high-profile cybersecurity incident in its history. For a large amount of population data managed by one of the smaller member states of the United States, the a report According to the report, it was accessed by unauthorized people at the end of May this year, exploiting a security vulnerability in the file-sharing service MOVEit.
According to the official explanation, a long time had passed between the incident and its disclosure, because it took until now to investigate the case and reveal exactly what type of information the case contained. All this becomes more understandable if we add that the data of nearly 1.3 million people could have been accessed by hackers, which practically means the total population of a country the size of Hungary, but much less populated.
In the case of some people, the information obtained by unauthorized persons varies significantly, depending on the cases in which citizen data were registered by state agencies and agencies. Based on the information, names, Social Security numbers, dates of birth, driver’s license and other identification numbers, as well as tax identification numbers, were among the items stolen. In fact, some individuals’ medical records and health insurance data were hacked. The latter is not surprising, because according to the summary, more than half of the stolen records came from the ministry responsible for health and social services, while a smaller but also significant portion came from the organization that oversees public education.
Naturally, the government report confirms that as soon as the problem was discovered, access was immediately blocked, and an investigation into the incident began with the participation of the authorities. One direct outcome of this case is that the state will provide for two years free credit monitoring and identity theft protection to anyone whose personal information is stolen for financial abuse.
He did not spare others either
The MOVEit vulnerability has since been patched He took several serious victims. Among them was, for example, an English human resources and accounting software company, whose clients included British Airways, among others. In the case of Nova Scotia, Canada, it quickly became clear that data managed by the province had also been stolen, since in principle, files were also managed through the MOVEit system, which was developed for secure file transfer.
Regarding the culprits, Microsoft’s security team already announced in June that the crime was definitely committed by the Russian hacker gang behind the Clop ransomware. Incidentally, this team had already succeeded in hacking the New York State Department of Education (from which they stole the data of 45,000 students), but their name also appeared in connection with the incident at Maastricht University.