SECURITYWEEK NETWORK:

ICS:

Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Data Breaches

1.3 Million Maine Residents Impacted by MOVEit Hack

The State of Maine says the personal information of 1.3 million individuals was compromised in the MOVEit attack.

The State of Maine is the latest entity to disclose significant impact from the cyberattack targeting a zero-day in Progress Software’s MOVEit file transfer tool earlier this year.

By exploiting the vulnerability, described as a critical unauthenticated SQL injection issue, a notorious ransomware gang accessed data transferred through the MOVEit software.

To date, more than 2,500 organizations and over 69 million individuals have been affected by the MOVEit hack, data from cybersecurity firm Emsisoft shows.

Of the affected individuals, 1.3 million are Maine residents, the State of Maine announced on Thursday, saying it has completed its investigation into the compromised data.

The attackers accessed personal information such as names, dates of birth, Social Security numbers, driver’s license/state identification numbers, and taxpayer identification numbers, and, in some cases, medical information and health insurance information, the State of Maine says.

“The State of Maine may hold information about individuals for various reasons, such as residency, employment, or interaction with a state agency. The State also engages in data sharing agreements with other organizations to enhance the services it provides to its residents and the public,” Maine notes.

Advertisement. Scroll to continue reading.

In an online notification, the state reveals that, between May 28 and May 29, the attackers accessed and downloaded “files belonging to certain agencies in the State of Maine” through Maine’s MOVEit server, with no other systems being compromised.

The Maine Department of Health and Human Services was impacted the most, as more than 50% of the stolen files belonged to it, with the Maine Department of Education being second most affected (owning 10-30% of the files).

“As soon as the State became aware of the incident, the State took steps to secure its information, including by blocking internet access to and from the MOVEit server,” the State of Maine says.

Maine has started notifying the impacted individuals and is providing them with complimentary credit monitoring and identity theft protection services.

Related: 900 US Schools Impacted by MOVEit Hack at National Student Clearinghouse

Related: Colorado Health Agency Says 4 Million Impacted by MOVEit Hack

Related: Ransomware Gang Leaks Data Allegedly Stolen From Canadian Hospitals

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing for the latest cybersecurity threats, trends, and expert insights.

More from

Latest News

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Webinar: Why Email Security Keeps Failing (And What Has to Change)
July 8, 2026

Join this live webinar as we break down why email-layer defenses alone can't keep pace with the modern phishing ecosystem, how agentic AI is changing the capacity equation for security teams, and more.

Register

Virtual Event: 2026 Cloud Security Summit
July 16, 2026

This year's summit will help organizations learn how to utilize tools, controls, and design models needed to properly secure cloud environments. Interact with leading solution providers and other end users facing similar challenges in securing a variety of cloud deployments.

Register

People on the Move

Philip Martin has joined Uber as Chief Information Security Officer.

Fable Security has appointed Jacob Berry as Chief Information Security Officer.

iCOUNTER has named Ali Waezzadah as Chief Information Security Officer.

More People On The Move

Expert Insights

No Exploits Required

Four decades of incident response experience suggest that exploits are often the symptom, not the root cause, of today’s cybersecurity failures.

Popular Topics

Security Community

Stay Intouch

About SecurityWeek

News Tips

Got a confidential news tip? We want to hear from you.

Submit Tip

Advertising

Reach a large audience of enterprise cybersecurity professionals

Contact Us

Daily Briefing Newsletter

Subscribe to the SecurityWeek Daily Briefing and get the latest content delivered to your inbox.

Copyright © 2026 SecurityWeek ®, a Wired Business Media Publication. All Rights Reserved.

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest cybersecurity news, threats, and expert insights. Unsubscribe at any time.