[Doedata] FW: Priority Notice: Information Regarding State of Maine Data Incident

Warren, Katherine Katherine.Warren at maine.gov
Thu Nov 9 12:30:08 EST 2023 

Forwarded to Technology Directors, Staff and Student Data Specialists, and Superintendents

Attached please find the Priority Notice that was shared with Superintendents earlier today.

Please share with appropriate people in your district.
Contact information for questions is below. If you have additional questions not addressed here please don't hesitate to reach out.
_______________________________________
Katherine JH Warren (Kathy)
Education Data Manager
Maine Department of Education
23 State House Station
Augusta, Maine 04333-0023
Email: katherine.warren at maine.gov<mailto:katherine.warren at maine.gov>
Phone: 207-592-1793
Maine DOE<http://www.maine.gov/doe> | Facebook<https://www.facebook.com/MaineDepartmentofEducation1/> | Twitter<https://twitter.com/mdoenews> | Instagram<https://www.instagram.com/mainedepted/?hl=en> | Maine DOE Newsroom<https://mainedoenews.net/>
[cid:image001.jpg at 01DA1308.51A14300]

From: Maine Department of Education <communications.doe at maine.gov>
Sent: Thursday, November 9, 2023 11:39 AM
To: Warren, Katherine <Katherine.Warren at maine.gov>
Subject: Priority Notice: Information Regarding State of Maine Data Incident

EXTERNAL: This email originated from outside of the State of Maine Mail System. Do not click links or open attachments unless you recognize the sender and know the content is safe.
Priority Notice from the Maine Department of Education
View this message in your browser<https://mailchi.mp/maine/cu5lemq6y0-1326912?e=c0feb0a605>.

[https://gallery.mailchimp.com/a582edd6473e477ef6307c769/images/priority_notice_72613.jpg]<https://maine.us2.list-manage.com/track/click?u=a582edd6473e477ef6307c769&id=c3222fb119&e=c0feb0a605>

Information Regarding State of Maine Data Incident

Dear Champions of Education,

We wanted to provide information from the State of Maine concerning a global data incident that the State was involved in, including educator and school staff data collected by the Maine Department of Education (DOE).

For the Maine DOE, the data involved relates to educator certification through MEIS, including names, birth dates, and Social Security numbers. MEIS is the system used for processing educator certifications /endorsements and criminal history records check (CHRC) information. No student data was involved as it relates to the Maine DOE.

While the State is not aware of any misuse of the data involved in the incident, the State of Maine is offering two years of complimentary credit monitoring and identity theft protection services to individuals whose Social Security numbers or taxpayer identification numbers were involved.

The State will be sending a letter to all impacted individuals with details on their data involved and the services available to them to take steps to protect their personal information. Individuals will also receive an email if the State has that data available.

We know this news will result in increased stress and anxiety and that school staff will have many questions about how their personal information was involved in the incident.

If you have questions about your personal data or if school staff have questions about their personal data, the State of Maine has launched a call center for individuals to learn if they are impacted and the services available to them.

Schools may also hear from parents concerned about the personal data of students. While no student data was involved in the incident as it relates to the Maine DOE, parents should be directed to the call center to learn more about the incident and find out if their family's information was involved through any other State agency.

The phone number for the call center is (877) 618-3659, with representatives available from Monday to Friday, 9 AM to 9 PM ET. If it is determined that an individual's Social Security number or taxpayer identification number is involved, the call center will provide them with a complimentary credit monitoring code.

There is also a website available with full details of the incident, a FAQ, and information regarding the call center. Visit www.maine.gov/moveit-global-data-security-incident<http://www.maine.gov/moveit-global-data-security-incident> to learn more.

Individuals who receive a code for credit monitoring may enroll in the services by calling (866) 622-9303. Representatives are there to assist them from Monday to Friday, 8 AM to 11 PM ET, and on Saturday from 9 AM to 6 PM ET.

  *   Adults may also enroll online by visiting: https://app.identitydefense.com/enrollment/activate/stme<https://maine.us2.list-manage.com/track/click?u=a582edd6473e477ef6307c769&id=dbbe13f3b9&e=c0feb0a605>
  *   Minors may be enrolled online by visiting: https://app.minordefense.com/enrollment/activate/stemd<https://maine.us2.list-manage.com/track/click?u=a582edd6473e477ef6307c769&id=18a3fd0c76&e=c0feb0a605>

The Federal Trade Commission's website, available at https://consumer.ftc.gov/features/identity-theft<https://maine.us2.list-manage.com/track/click?u=a582edd6473e477ef6307c769&id=6b99cc2b1c&e=c0feb0a605>, also has information on how to protect personal information.

The Maine DOE continues to work with Maine IT and other agencies around a coordinated response to this data breach and notifications of those involved. The State has also informed law enforcement of the incident. We will keep school administrative units (SAUs) informed of any updates and additional information or resources.

Additional Background from the State of Maine:

On May 31, 2023, the State of Maine became aware of a software vulnerability in MOVEit, a third-party file transfer tool that is owned by Progress Software and used by thousands of entities worldwide to send and receive data.

The software vulnerability was exploited by a group of cybercriminals and allowed them to access and download files belonging to various State of Maine agencies between May 28, 2023, and May 29, 2023.

As it pertains to the State, this incident was specific and limited to Maine's MOVEit server and immediate steps were taken to secure the State's information. This included:

  *   Blocking internet access to and from the MOVEit server;

  *   Implementing security measures recommended by Progress Software to patch the vulnerability;
  *   Engaging the service of outside legal counsel;
  *   Engaging external cybersecurity experts to investigate the nature and scope of the incident; and
  *   Conducting an extensive investigation to determine what information was involved.

The State of Maine has confirmed that the incident is contained, and no other State networks or systems were impacted by this incident. Law enforcement is also aware of the situation.

Maine is not the only entity impacted by the MOVEit vulnerability. This incident has had a broad impact, affecting state and federal government agencies, educational institutions, financial and professional services firms, pension funds, and a variety of other entities worldwide. To date, more than 2,000 organizations, including many government agencies, and 60 million individuals worldwide have been affected.

Since the onset of the incident, the cybercriminals involved claimed their primary targets were businesses, with a promise to erase data from certain entities, including governments. Despite their assertions that any data obtained from governments has been erased, the State is urging individuals to take steps to protect their personal information.

The State of Maine carried out an extensive evaluation to identify the individuals whose information may have been impacted. This thorough assessment was a critical component of Maine's response, as it facilitated the State in providing notifications to those who may have been affected. This assessment of the impacted files was recently completed, and, as a result, the State is now actively notifying the impacted individuals through various communication channels, including through a nationwide media press release, letter mail and/or email.

Sent November 9, 2023
[http://cdn-images.mailchimp.com/fb/like.gif]<https://mailchi.mp/maine/cu5lemq6y0-1326912?fblike=true&e=c0feb0a605&socialproxy=https%3A%2F%2Fus2.campaign-archive.com%2Fsocial-proxy%2Ffacebook-like%3Fu%3Da582edd6473e477ef6307c769%26id%3D4d3a6f4f57%26url%3Dhttps%253A%252F%252Fmailchi.mp%252Fmaine%252Fcu5lemq6y0-1326912%26title%3DPriority%2520Notice%253A%2520Information%2520Regarding%2520State%2520of%2520Maine%2520Data%2520Incident>[share on Twitter]<http://twitter.com/share?url=https%3A%2F%2Fmailchi.mp%2Fmaine%2Fcu5lemq6y0-1326912&text=Priority+%20Notice%3A+Information+Regarding+State+of+Maine+Data+Incident&count=none>

Maine DOE Newsroom<https://maine.us2.list-manage.com/track/click?u=a582edd6473e477ef6307c769&id=2d5d788a73&e=c0feb0a605> on Twitter<https://maine.us2.list-manage.com/track/click?u=a582edd6473e477ef6307c769&id=9ff85a98dc&e=c0feb0a605> | Forward to a Friend<https://us2.forward-to-friend.com/forward?u=a582edd6473e477ef6307c769&id=4d3a6f4f57&e=c0feb0a605>

Maine Department of Education<https://maine.us2.list-manage.com/track/click?u=a582edd6473e477ef6307c769&id=6e9cae60ca&e=c0feb0a605> | Maine DOE Newsroom<https://maine.us2.list-manage.com/track/click?u=a582edd6473e477ef6307c769&id=dc59a73582&e=c0feb0a605> | Contact Us<https://maine.us2.list-manage.com/track/click?u=a582edd6473e477ef6307c769&id=0a26bec931&e=c0feb0a605>

You are receiving this e-mail because you opted in at our website.
Our mailing address is:
Maine Department of Education
23 State House Station
Augusta, ME 04333-0023

Add us to your address book<https://maine.us2.list-manage.com/vcard?u=a582edd6473e477ef6307c769&id=21283d239d>
Subscribe to News Releases<https://maine.us2.list-manage.com/track/click?u=a582edd6473e477ef6307c769&id=45b67522bc&e=c0feb0a605> | Update Subscription Preferences<https://maine.us2.list-manage.com/profile?u=a582edd6473e477ef6307c769&id=21283d239d&e=c0feb0a605&c=4d3a6f4f57>





This email was sent to Katherine.Warren at maine.gov<mailto:Katherine.Warren at maine.gov>
why did I get this?<https://maine.us2.list-manage.com/about?u=a582edd6473e477ef6307c769&id=21283d239d&e=c0feb0a605&c=4d3a6f4f57>    unsubscribe from this list<https://maine.us2.list-manage.com/unsubscribe?u=a582edd6473e477ef6307c769&id=21283d239d&e=c0feb0a605&c=4d3a6f4f57>    update subscription preferences<https://maine.us2.list-manage.com/profile?u=a582edd6473e477ef6307c769&id=21283d239d&e=c0feb0a605&c=4d3a6f4f57>
Maine Department of Education * 23 State House Station * Augusta, ME 04333-0023 * USA

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://maillist.informe.org/pipermail/doedata/attachments/20231109/70df1398/attachment-0001.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image001.jpg
Type: image/jpeg
Size: 17901 bytes
Desc: image001.jpg
URL: <http://maillist.informe.org/pipermail/doedata/attachments/20231109/70df1398/attachment-0001.jpg>

More information about the DOEdata mailing list