Maine Shuts Down Data Breach Reporting Portal Due to Fraudulent Disclosures

In response to fraudulent breach disclosures, Maine has temporarily taken its public data breach reporting portal offline. This decision was made after fake data breach reports were published on the state’s website, prompting a review of procedures to prevent future abuse.

Recently, fraudulent data breach disclosures were submitted to Maine’s official breach notification portal, impersonating popular platforms Discord and VRChat. VRChat confirmed to BleepingComputer that the filing was fraudulent and had been submitted using the name of a fictitious employee.

The Maine Attorney General’s Office released a statement acknowledging the abuse of the data breach reporting system. The statement confirmed that “hoaxes” were submitted through the state’s reporting system by an unknown entity unrelated to the affected companies.

As a result, public access to the breach notification database has been temporarily disabled while the Attorney General’s Office reviews reporting procedures to prevent similar abuse in the future. Prior to the shutdown, submitted breach notices were automatically published to the public database.

Companies can still submit breach notifications through the reporting service, but members of the public seeking copies of disclosures must now contact the Attorney General’s Office directly. The incident highlights how automatically published breach disclosures can be abused to spread misinformation and harm a company’s reputation.

The fraudulent VRChat filing falsely claimed a data breach impacting over 2.4 million individuals and included a fabricated employee contact name. After verification, VRChat confirmed the disclosure was fake and stated they had not submitted the notice to Maine authorities.

Discord, another platform mentioned in the fraudulent notice, did not respond to BleepingComputer’s inquiry. The extent of additional fraudulent breach notices submitted through the portal before the state suspended public access remains unclear.

Security teams only detect and alert on 14% of successful attacks, leaving the majority unnoticed. The Picus whitepaper explains how breach and attack simulation tests can enhance your detection capabilities. Download the whitepaper now.