ANNAPOLIS, MD— The State of Maryland today is encouraging Marylanders to take precautionary action to protect their identity in the wake of a wide-reaching cyber attack. Along with an undetermined number of organizations across the nation, the Maryland Department of Human Services was affected by the MOVEit data breach, which occurred at a third-party vendor contracted by the state and is believed to be tied to a security flaw in a file transfer tool.
There is no current indication that any stolen data involved has been sold, used, shared or released, and the attackers have not contacted the State of Maryland.
Governor Wes Moore directed the Department of Information Technology’s Office of Security Management to carry out a thorough investigation of the incident and determine whether any additional state agencies may be affected. The Governor’s Office and the department will continue to monitor for vulnerabilities, apply security patching, and coordinate response among state agencies and entities potentially involved.
State agency IT contacts and emergency coordinators, as well as local emergency managers, have been notified and encouraged to review the advisory published by the federal Cybersecurity and Infrastructure Security Agency and apply any necessary patches to address potential vulnerabilities with DoIT’s assistance.
Marylanders are encouraged to stay vigilant and may take the following precautions to monitor and protect their identity:
Change Online Passwords
Consider changing passwords for online accounts, including banking, social media, and healthcare portals. Use multi-factor authentication when able. Learn more about password protection at www.CISA.gov.
Prevent Unauthorized New Account Openings or Loans and Monitor Your Credit Individuals can freeze and unfreeze their credit for free, which stops others from opening new accounts and borrowing money in your name. Freezing your credit does not prevent the use of any existing credit cards or bank accounts. Freezing your credit may be done quickly online or by contacting the three major credit bureaus by phone:
Experian
1-888-397-3742
www.experian.com/freeze
Equifax
1-800-685-1111
www.equifax.com/personal/credit-report-services/credit-freeze/
TransUnion
888-909-8872
www.transunion.com/credit-freeze
Marylanders may also request their credit report from these agencies to look for suspicious activity.
Protect Your Tax Refund and Returns with the Internal Revenue Service
To prevent someone else from filing returns or receiving your federal tax refund, request an “Identity Protection Pin” from the Internal Revenue Service by signing up at: https://www.irs.gov/identity-theft-fraud-scams/get-an-identity-protection-pin or calling the IRS at 1-800-829-1040.
Check your Social Security Benefits
All individuals who are eligible, applied for, or are receiving social security benefits (including disability), should consider registering for an ssa.gov account at https://www.ssa.gov/myaccount/ to stop others from stealing your benefits. If you suspect Social Security fraud, call the Office of Inspector General hotline at 1-800-269-0271, Social Security Administration at 1-800-772-1213 or file a complaint online at oig.ssa.gov.
Report Suspected Identity Theft
If you suspect any abnormal activity involving your data, including financial information, contact the Federal Trade Commission at 1-877-FTC-HELP or visit www.ReportFraud.FTC.gov immediately.
This is an evolving situation and more information will be provided as it becomes available.
Additional tips on protecting your data and identity can be found at www.IdentityTheft.gov.
---
More Info on the breach:
There is no current indication that any stolen data involved has been sold, used, shared or released, and the attackers have not contacted the State of Maryland.
Governor Wes Moore directed the Department of Information Technology’s Office of Security Management to carry out a thorough investigation of the incident and determine whether any additional state agencies may be affected. The Governor’s Office and the department will continue to monitor for vulnerabilities, apply security patching, and coordinate response among state agencies and entities potentially involved.
State agency IT contacts and emergency coordinators, as well as local emergency managers, have been notified and encouraged to review the advisory published by the federal Cybersecurity and Infrastructure Security Agency and apply any necessary patches to address potential vulnerabilities with DoIT’s assistance.
Marylanders are encouraged to stay vigilant and may take the following precautions to monitor and protect their identity:
Change Online Passwords
Consider changing passwords for online accounts, including banking, social media, and healthcare portals. Use multi-factor authentication when able. Learn more about password protection at www.CISA.gov.
Prevent Unauthorized New Account Openings or Loans and Monitor Your Credit Individuals can freeze and unfreeze their credit for free, which stops others from opening new accounts and borrowing money in your name. Freezing your credit does not prevent the use of any existing credit cards or bank accounts. Freezing your credit may be done quickly online or by contacting the three major credit bureaus by phone:
Experian
1-888-397-3742
www.experian.com/freeze
Equifax
1-800-685-1111
www.equifax.com/personal/credit-report-services/credit-freeze/
TransUnion
888-909-8872
www.transunion.com/credit-freeze
Marylanders may also request their credit report from these agencies to look for suspicious activity.
Protect Your Tax Refund and Returns with the Internal Revenue Service
To prevent someone else from filing returns or receiving your federal tax refund, request an “Identity Protection Pin” from the Internal Revenue Service by signing up at: https://www.irs.gov/identity-theft-fraud-scams/get-an-identity-protection-pin or calling the IRS at 1-800-829-1040.
Check your Social Security Benefits
All individuals who are eligible, applied for, or are receiving social security benefits (including disability), should consider registering for an ssa.gov account at https://www.ssa.gov/myaccount/ to stop others from stealing your benefits. If you suspect Social Security fraud, call the Office of Inspector General hotline at 1-800-269-0271, Social Security Administration at 1-800-772-1213 or file a complaint online at oig.ssa.gov.
Report Suspected Identity Theft
If you suspect any abnormal activity involving your data, including financial information, contact the Federal Trade Commission at 1-877-FTC-HELP or visit www.ReportFraud.FTC.gov immediately.
This is an evolving situation and more information will be provided as it becomes available.
Additional tips on protecting your data and identity can be found at www.IdentityTheft.gov.
---
More Info on the breach:
MOVEit data breach - Google Search
www.google.com