compliance · BleepingComputer
Maine's Attorney General's Office has temporarily disabled public access to its data breach notification portal after fraudulent breach disclosures were submitted to the system. Unknown actors filed fake breach notices impersonating Discord and VRChat, with one filing falsely claiming VRChat suffered a breach affecting over 2.4 million people and using a fabricated employee name. VRChat confirmed the disclosure was fraudulent and unsubmitted by the company. The state removed the false reports from its database and temporarily suspended public access while reviewing procedures to prevent future abuse, though companies may continue submitting breach notifications through the service.
This incident highlights a compliance risk for regulated organizations: state breach notification portals are widely monitored by journalists, researchers, and threat intelligence firms to track new incidents. Fraudulent filings can cause reputational damage and create confusion about actual security posture—a material concern for defense contractors, SaaS platforms, and healthcare providers subject to state-level breach reporting mandates. Organizations relying on these portals to meet NYDFS, HIPAA, or other notification timelines should verify their reporting channels remain functional and consider how to validate submissions on the receiving end. An Omniware engagement can scope controls around breach notification workflows and incident reporting procedures specific to your regulatory environment.
Source: BleepingComputer - https://www.bleepingcomputer.com/news/security/maine-disables-data-breach-notification-portal-after-fake-disclosures/
Source: BleepingComputer
All briefings