Maine's Breach Portal Misused for Fake Data Breach Reports

Maine's official data breach notification portal was exploited to submit fraudulent disclosures, including a fake report from VRChat claiming a breach affecting over 2.4 million users. The Maine Attorney General's Office confirmed that these submissions were hoaxes and have since removed them from the database. Following this incident, Maine has temporarily disabled public access to the breach notification portal while reviewing its procedures to prevent future abuses. The fraudulent entries included fabricated details and impersonated legitimate companies like Discord and VRChat. VRChat has publicly denied the authenticity of the reports and is working with the Attorney General's office to rectify the situation. No legitimate data breaches have been reported by either company. The incident highlights vulnerabilities in the automated reporting system that allowed unverified claims to be published. The Attorney General's office is now reviewing the submission process to enhance security.

Key Points: • Maine's breach portal was exploited to submit fake data breach notifications. • VRChat and Discord were impersonated in fraudulent disclosures affecting millions. • Maine has temporarily disabled the breach notification portal for review.