Maine Disables Data Breach Portal After Fake Submissions

The Maine Attorney General's office has deactivated its online data breach notification portal following the submission of fraudulent reports. The bogus filings claimed data breaches involving VRChat and Discord, prompting the state to take down the system to prevent further abuse.

The portal's shutdown underscores a growing challenge for state regulators tasked with managing breach notifications under Maine's data privacy laws. The fake submissions not only consumed administrative resources but also risked spreading misinformation about actual security incidents.

According to SecurityWeek, the incident involved fabricated breach reports filed through the portal designed for companies to notify the state of real data compromises. The specific mechanism used to submit the false reports remains unclear, but the move suggests a deliberate attempt to disrupt or discredit the notification process.

As of now, no timeline has been provided for when the portal will be restored. The Maine AG's office is likely reviewing its submission verification procedures to prevent future incidents. Companies obliged to report breaches may need to use alternative contact methods in the interim.

The false submissions come amid broader scrutiny of state data breach notification systems, which some critics argue are vulnerable to manipulation. While the incident highlights operational risks, the actual security of state systems was not compromised—only the portal's intake function was targeted.