GoKawiilMaine has taken its public data breach reporting portal offline after fraudulent breach disclosures were published on the state's website, prompting a review of procedures to prevent abuse in the future.
Yesterday, BleepingComputer reported that fake data breach disclosures had been submitted to Maine's official breach notification portal impersonating Discord and the multiplayer social virtual reality platform VRChat.
At the time, VRChat told BleepingComputer the filing was fraudulent and had been submitted using the name of a fictitious employee.
In a statement published Friday, the Maine Attorney General's Office acknowledged that data breach "hoaxes" were submitted through the state's reporting system.
"The Office of the Maine Attorney General has been made aware of an apparent abuse of our data breach reporting system," the statement reads.
"After conversations with VRChat, one of two affected companies, it has become clear that the reported data breaches were hoaxes submitted by an unknown entity unrelated to either company. These false reports have been removed from the database. We have no knowledge of any recent legitimate data breach reports from either VRChat or Discord."
The Attorney General's Office says it has now temporarily disabled public access to the breach notification database while it reviews reporting procedures to reduce similar abuse in the future.
Prior to the shutdown, submitted breach notices were automatically published to the public database.
"We don’t have any independent knowledge of the breaches, the submitting entity fills out the information and it goes directly onto the site. We will review the one you’ve flagged, thank you," Maine Attorney General's Office told BleepingComputer.
The notice states that companies can continue to submit breach notifications through the reporting service, but members of the public seeking copies of disclosures must now contact the Attorney General's Office directly.
... continue reading