The breach was part of a massive cyberattack in May that exploited a vulnerability in the widely used MOVEit file-transfer system.
In addition to various state agencies in Maine, several U.S. federal agencies were also impacted by the data breach in May, including the Department of Energy and Department of Health and Human Services.
Maine said this week that affected data included names, Social Security numbers, dates of birth, driver’s license or state identification numbers, taxpayer identification numbers, medical information and health insurance information.
The state’s Department of Health and Human Services and Department of Education were the agencies most affected by the incident. Several other departments were impacted to lesser extents.
The state said it “blocked internet access to and from the MOVEit server” and implemented security measures recommended by the company that owns the tool as soon as it became aware of the breach.
The cyberattack was reportedly orchestrated by a Russian ransomware group and has impacted more than 70 million people worldwide, according to a running tally by the anti-malware company Emsisoft.
The breach also compromised some 6 million records at the Louisiana Department of Motor Vehicles and affected about 4 million people through the Colorado Department of Health Care Policy and Financing and 3.5 million others through the Oregon Department of Transportation.
Read more in a full report at TheHill.com.