The potential breach could affect a larger number of people from other states, according to an AP report citing department officials. Neither the Conservation Department, nor the Maine Attorney General posted an announcement about the potential breach on their websites.
Notices concerning the potential data breach were sent to the 970 credit card holders in Maine informing them of the incident. State officials learned of the breach in February.
InfoSpherix, a Maryland-based company that is a subsidiary of Active Network, was the online vendor that handled online purchase of the state’s park passes and suffered the malware attack, according to the report.
The company told Maine officials that the problem could go far beyond the state because hackers managed to breach several servers containing credit card numbers and expiration dates, according to Assistant Attorney General Thom Harnett. Names associated with those cards were kept on another server, he said.
As a precaution, the Maine Attorney General's Office alerted attorneys general in other states, the report noted.