Maine
Related: About this forumAn entire state's population (Maine) just had its data stolen in a ransomware attack
Background:
The attack was in May 2023. It looks like data was stolen in transit, not deleted from Maine's computers. Data is still in the hands of hackers, and could be sold to sold to unscrupulous individuals or groups until THEY delete it.
The State of Maine says:
Why Am I Hearing About This Now?
The State of Maine carried out an extensive evaluation to identify the individuals whose information may have been impacted. This thorough assessment was a critical component of Maine's response, as it facilitated the State in providing notifications to those who may have been affected. This assessment of the impacted files was recently completed, and, as a result, the State is now actively notifying the impacted individuals through various communication channels, including through a nationwide media press release, letter mail and/or email. See link below.
The state says that individuals should reach out to the state for more information as to how they've potentially been affected. Maine has set up a website with details for residents here. https://www.maine.gov/moveit-global-data-security-incident/
https://mashable.com/article/maine-moveit-ransomware-attack (Mashable article)
According to the notice, the ransomware attack occurred between May 28 and May 29 of this year. Cyber criminals took advantage of a "software vulnerability" in a third-party file transfer tool known as MOVEit. The state says that this tool is "used by thousands of entities worldwide to send and receive data." During that period, an exploit in the tool was weaponized by a cybercriminal group which was able to download swaths of data from multiple state government agencies.
Just how much data was scooped up in this ransomware attack is a major cause for concern. It appears that these cybercriminals have access to many Maine residents' sensitive personal data. Exactly how each individual is affected is dependent on that person and their "association with the state." For example, if a specific person has provided certain data as part of a specific program connected to an agency, that data has potentially been breached.
Maine has confirmed that some points of data that the cybercriminals could potentially have on an individual includes their name, Social Security number, date of birth, drivers license or state ID number, and taxpayer ID number. Medical information as well has health insurance information may also have been affected.
Once again, details are available at https://www.maine.gov/moveit-global-data-security-incident/
OAITW r.2.0
(28,258 posts)Will be doing some diligence on this.
Blue Owl
(54,654 posts)Easterncedar
(3,455 posts)I wish folks would step up and figure out the difference between effected and affected.
Impacted individuals are suffering with teeth or bowels.
That said, yes, I hate that my info was stolen, too.
Easterncedar
(3,455 posts)I guess I can stop fussing with shredding all that mail. Its pointless now!
jfz9580m
(15,374 posts)I am not sure how to prepare beyond a kind of vigilance that comes from kinda expecting more of this sort of stuff going forward. I have prepared somewhat in case of the worst.
I hope I personally am never anywhere this happens - it would be the bloody cherry on top of the shitcake that was this last decade. I am wondering when (much like the pandemic), something like this takes down everything across the globe. I have to imagine that any halfway non-lousy security applications are working on it. Or it will be like scrambling for vaccines (because we refuse to make our food production systems less awful whether it is wet markets or factory farms) all over again re: re anonymising* and protecting data.
*: I assume that is the reverse of this:
https://en.m.wikipedia.org/wiki/Data_re-identification
usonian
(13,579 posts)Sofiware is always flawed because it's made to cost. And fixes cost money, so it's wait in line. And, being commercial, new features come first, security comes last.
Open source is better because it has more eyes on it to fix it, and pride. OpenBSD Operating system is the most checked before release and almost nobody uses it.
Boss used to say to me to use windows "because everyone uses it". I told him that it's the most attacked one. Why? "because everyone uses it"
Bespoke solutions are best. Hardest to figure and least return on hacking.
The MOVEit software is widely used by businesses and government. Find one flaw, and you can hack hundreds.
The government is trying to push IT standards, but security costs money. "Good enough" isn't good enough.
jfz9580m
(15,374 posts)And I briefly considered switching to Ubuntu or some other alternative to the PC or the Mac. But if you are not someone who is sufficiently into computers (and I am one of those people who mostly just uses them as means to an end rather than an end in themselves) it is too much work and grunt work if you are not particularly knowledgeable about computers, basic use aside.
Totally hear you on that. Pride in your work does make a difference-no doubt about it.
I have never heard of OpenBSD. It is not listed here:
https://www.openlogic.com/blog/top-open-source-operating-systems-2022
I am guessing it is mostly used by computer engineers rather than lay people.
But again it probably would be more work than I am up to given all the stuff I am behind on..even commonly used terms like disk partitions make me run in the opposite direction .
usonian
(13,579 posts)OpenBSD is minimal, so minimal attack surface. Applications do lag on being ported, so its not a common desktop system.
That said, Ubuntu, RedHat variants, and so on, have all the daily apps you might need: browsers, mail clients, and even Office software (word processing, spreadsheet and presentation, all MS-compatible, in Libre Office, which works great, only some font substitution issues)
As Apple tightens down, but still allows apps to be compiled and/or loaded, I am headed in the Linux direction eventually (meaning again). And as for development, I have to load a new XCode tools every release, or the entire GNU toolchain (via port, or homebrew), so Linux is more stable, IMO, for developing anything.
System 76 offers systems pre-loaded with a form of Ubuntu (PopOS) and support it, and you can get Dells loaded with Ubuntu (only online) and supported. My non-techie brother did and never bugs me to help with it!!! He got tired of every Windows update breaking his system and having to reload drivers every time.
But security is as good as how fast you can patch things with the latest bug fixes. Apple has one every couple of weeks, and you can update Linux OS and apps with one command (or use the GUI) apt-get update or whatever RedHat uses. Cant speak for Windows.
I ran some corporate networks. Only hack was when our network guru left some ports exposed to the outside. Lots of pretenders out there. Ordinary users are way more susceptible to email phishing.
jfz9580m
(15,374 posts)Bookmarking for later. I havent had those issues recently with Windows that your brother did. I also changed system settings so I only install the necessary updates.
(I really am not interested in every new driver fix making the photoshopping of cat pics more efficient ;-/).
And I can afford to keep my comp offline most of the time. I keep my work computer strictly for work these last few years.
You seem like someone in the field. To me as a lay person cloud computing sounds like a security nightmare-of course I am a pessimistic sort of person .
My god-I am tired of those Apple os updates. For security I dare not ignore them, but they seem to have one out every other day and it uses up almost all of my mobile data each time. I ended up getting twice the usual amount of data just to keep my phone current.
usonian
(13,579 posts)I fell way behind on updates. I would have to go to the library for the free internet.
And taking a 27 inch imac there was out of the question. I was ready to do them at a friends house downtown, but finally signed up for the best internet available here: DSL. It does the job, and I dont watch movies, though they bring fiber out to hubs within a mile of the house, which works OK. Its the boondocks, what the heck.
I am holding back on the latest ios and macos until issues are resolved. The phone is too old for ios 17, but security updates are still available for 16. There are zero-day exploits. Ones that come to light faster than anyone can patch them.
Web sites are high value targets, as are all business sites. I correspond with a friend whose company uses a urldefense that filters every email and web access.