A cyberattack in the Maine Secretary of State’s Office last week briefly interrupted services in the Bureau of Corporations, Elections and Commissions, but no public data was undermined.
“It was serious enough to get some of our top minds in the room together, but it’s nothing that we couldn’t handle,” Kyle Hadyniak, the director of Communications in the Maine Department of Administrative and Financial Services, told The Center Square.
The Office of Information Technology is continuing to work with other entities, including Microsoft, to ensure the problem doesn’t happen again, he said.
The virus attack, which occurred about 3 p.m. Sept. 25, consisted of 1,600 emails, according to a news release from the Secretary of State. “But various layers of security prevented all but 18 emails from reaching employee inboxes. The virus appears to have entered these email systems via a spam email that included a malicious link.”
Staff computers in the Bureau of Corporations, Elections and Commissions were affected, as well as two servers at the Bureau of Motor Vehicles and a server at the Maine State Archives. None of the servers was used in a public capacity, the news release said.
“I don’t think there is a major cause for concern,” Hadyniak said. “I can’t really comment on where the attacks come from or why they do it, but of course when it comes to state services that we provide to the public and other state entities, we place security in the highest importance. We do have multiple measures in place to help protect that information and those services on a daily basis.”
Taking individual precautions is key, Hadyniak said.
“One major thing that we’ve reminded our employees about, or really anybody who uses a computer should know, is that if you get sent an email attachment – maybe a Word doc or a Power Point or a pdf or anything like that – and you don’t recognize the sender or you weren’t expecting the attachment, don’t open it because it could very well contain a malicious virus or something like that. Hackers can get pretty creative with how they try to infiltrate your computer,” Hadyniak said.
In some cases, the emails may look familiar or reference things that users know of, but it’s just a very clever deception, Hadyniak added. “People need to be vigilant. Cyberattacks can happen in a variety of ways that people may never predict. Don’t click on suspicious stuff, don’t click on links, and just keep your guard up.”