The state of Maine has temporarily removed its public-facing database of breach reports from the internet after two fraudulent reports were published, raising significant concerns regarding the integrity of its data reporting system. According to a statement released by the Office of the Maine Attorney General on June 12, the decision to take the database offline was made in light of the recent incidents and will remain in effect while a thorough review of current procedures is conducted to prevent similar occurrences in the future.
The situation unraveled when the Attorney General’s office engaged in discussions with VRChat, one of the two companies that fell victim to the false reports. It became evident that the reported data breaches were hoaxes initiated by an unidentified entity, which had no affiliation with either VRChat or the other affected organization, Discord. The statement emphasized, “After conversations with VRChat, it has become clear that the reported data breaches were hoaxes submitted by an unknown entity unrelated to either company.” The office confirmed that these deceptive reports had been purged from the database and declared, “We have no knowledge of any recent legitimate data breach reports from either VRChat or Discord."
The fabricated reports in question had impersonated VRChat, a popular video game developer, using a fictitious employee’s name as part of the ruse. The misinformation alleged that VRChat had experienced a severe incident affecting approximately 2.4 million users. A document associated with this false claim, which was observed by Infosecurity, appeared strikingly legitimate, alleging that “an unauthorized third party accessed certain user account information between May 10-12, 2026.” This counterfeit letter detailed a series of stolen user information—ranging from usernames and email addresses to subscription histories—formatted in a bullet-point style for easy readability. The document also included sections outlining the company’s remedial actions and subsequent instructions for affected individuals.
Similarly, the deceitful notification concerning Discord alleged that the platform was impacted by an event affecting around 10 million users. The underlying motivations driving the perpetrators of these fraudulent notifications remain obscure, with speculation pointing toward the intent to create confusion or mischief in the public domain.
In response to the clear need for enhanced security and reliability in the reporting system, the Maine Attorney General’s office announced that it is reviewing its procedures to mitigate the risk of similar abuses in the future while maintaining public access to the vital information contained in the breach database. "We are reviewing our procedures to make this abuse less likely in the future while preserving the public availability of such information," the office stated. Until the review is completed, the public-facing database remains offline. However, organizations that need to report a legitimate data breach can utilize the online reporting service provided by the office.
For individuals seeking access to historical breach notifications during this period, the office advises contacting the consumer protection division directly via email. This guidance serves to help maintain transparency and provide necessary support for those impacted by legitimate breaches.
The urgency of this incident underscores a wider trend across the United States, where data breaches have reached record highs. Last year, an astonishing total of 3,332 publicly reported data breaches occurred, marking a 5% increase compared to the previous year, according to data gathered by the non-profit Identity Theft Resource Center (ITRC). This uptick in breaches has had a far-reaching impact, affecting around 279 million individuals across the nation.
In an age where data security is paramount, these recent developments in Maine highlight the ongoing challenges faced in monitoring and safeguarding personal information from threats, whether they emerge from malicious entities or misguided attempts to manipulate public resources. The proactive steps being taken by the Attorney General’s office signal an awareness of these challenges and a commitment to enhancing the reliability and security of publicly available data.