Maine Government Email Breach: What You Need To Know

According to an article on the WGME website, state officials say they’re now working to figure out how cybercriminals managed to break into a Maine government employee’s email account and use it to send phishing messages to people both inside and outside of state government.

The Secretary of State’s Office says the breach was discovered early Monday afternoon and was contained shortly after it was identified.

Investigators say the hackers used the compromised Maine.gov account to send messages that looked legitimate, since they came from a real state employee. Those emails were designed to trick recipients into clicking a link that would capture login credentials.

A spokesperson for the Secretary of State’s Office said the state’s Security Operations Center moved quickly, securing the account, shutting down the suspicious activity, and stopping any additional unauthorized emails from being sent.

The messages, which used the subject line “MAINE,” went out to both internal staff and outside contacts. Because they appeared official, some recipients may not have immediately realized they were scams.

So far, officials say there’s no indication that sensitive or personal data was accessed, but it’s still unclear how many people received the emails.

Anyone who got one is urged to delete it immediately. If you clicked the link, officials recommend changing your password and enabling multi-factor authentication.