State agencies in Maine fell victim to a cyberattack and lost nearly all of the state population's data to hackers.

The state government reported on Thursday that 1.3 million individuals had their data stolen by ransomware hackers, meaning people who install software locking up a user's data and requiring a ransom to free it.

SOCIAL SECURITY UPDATE: SECOND ROUND OF DIRECT PAYMENTS WORTH UP TO $4,555 ARRIVES IN SIX DAYS

State agencies were affected by the global cybersecurity incident involving MOVEit, a file transfer tool whose servers were breached by cybercriminals and used to steal data from thousands of organizations. State authorities learned of MOVEit's vulnerability on May 31 and determined that criminals could use it to access and download files from various state agencies on May 28 and 29. Officials wrapped up their investigation and are now informing residents of the data threat.

The specific information stolen in the incident may vary based on the person, the government stated, but the possibly affected information includes "name, Social Security number, date of birth, driver's license/state identification number, and taxpayer identification number." The ransomware gang Clop is believed to be behind this due to its role in similar attacks, although the group has yet to release any data stolen from Maine's agencies.

More than half the stolen data relates to Maine's Department of Health and Human Services, while about a third affects the state's Department of Education. Other affected agencies include Maine's Bureau of Motor Vehicles and the Department of Corrections.

Maine authorities blocked internet access to and from the MOVEit server as soon as they became aware of the breach. The state is offering two years of complimentary credit monitoring and identity theft protection services to any residents whose SSN or taxpayer number may have been compromised.

The MOVEit hack is considered by many to be one of the largest hacks of 2023, with at least 60 million individuals affected by it as of Aug. 2023. The list of victims grew in May after MOVEit owner Progress Software disclosed a zero-day vulnerability in its software. The attack allowed several cybercriminals, including Clop, to begin raiding MOVEit servers and stealing the data as it was being stored. More than 2,500 organizations have reported MOVEit-related data breaches, according to the cybersecurity firm Emsisoft.

CLICK HERE TO READ MORE FROM THE WASHINGTON EXAMINER

Affected entities include the states of Colorado, Oregon, and Louisiana, as well as the Department of Energy.

The Securities and Exchange Commission is already investigating Progress Software over the breach.