
Maine AG’s breach reporting portal abused with fake notices impersonating Discord and VRChat
False reports submitted via public intake system; later confirmed hoaxes and removed
Portal taken offline for investigation, with companies still able to file but public access suspended
The Office of the Maine Attorney General has been forced to pull its reporting portal offline after multiple fake disclosures ended up on the website.
The breach notification portal is a public intake system for legally required data breach notices - so if an organization suffers a breach that affects Maine residents, it can submit its notification through this portal instead of sending an email or snail mail. Once submitted, the Attorney General’s office reviews the notice and usually publishes it, so the public can see confirmed incidents affecting residents.
Recently, however, fraudulent disclosures impersonating Discord and VRChat ended up on the platform, with the latter having to issue a statement saying the filing was submitted using a fake employee name.
Disabling the portal
Soon after, the Maine AG Office confirmed the reports, saying the fakes were submitted through the state’s reporting system.
"The Office of the Maine Attorney General has been made aware of an apparent abuse of our data breach reporting system," the Office said in a statement.
"After conversations with VRChat, one of two affected companies, it has become clear that the reported data breaches were hoaxes submitted by an unknown entity unrelated to either company. These false reports have been removed from the database. We have no knowledge of any recent legitimate data breach reports from either VRChat or Discord."
To prevent similar abuse in the future, the Maine AG Office launched an investigation and temporarily disabled public access to the portal.
"We don’t have any independent knowledge of the breaches, the submitting entity fills out the information, and it goes directly onto the site. We will review the one you’ve flagged, thank you," the Maine Attorney General's Office told BleepingComputer.
Companies can still submit breach notifications through the reporting service, but the general public looking for information will need to contact the Office directly.
Via BleepingComputer
Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.
View original source — TechRadar ↗


