The state of Maine has taken its public-facing database of breach reports offline following the publication of two false reports.
The Office of the Maine Attorney General said in a statement on June 12 that the database would remain unavailable while it reviews its procedures to make such abuses less likely in the future.
“After conversations with VRChat, one of two affected companies, it has become clear that the reported data breaches were hoaxes submitted by an unknown entity unrelated to either company,” the statement continued.
“These false reports have been removed from the database. We have no knowledge of any recent legitimate data breach reports from either VRChat or Discord.”
Read more on data breach notifications: Millions of Car Owners Hit By Credit700 Data Breach
One of the reports in question impersonated video game developer VRChat using the made-up name of an employee. It claimed the firm had suffered a serious incident impacting 2.4 million people.
The faked letter, seen by Infosecurity, looked convincing , claiming that “an unauthorized third party accessed certain user account information between May 10-12, 2026.”
It lists the stolen information – including username, email address and subscription history – in bullets, and includes sections on what the firm has done to remediate the incident plus next steps for victims.
The fake Discord notification claimed that the social and messaging platform provider was hit by an incident which impacted 10 million users.
It’s unclear what the perpetrators’ motive was for filing the fraudulent notifications, short of making mischief.
“We are reviewing our procedures to make this abuse less likely in the future while preserving the public availability of such information,” the Maine attorney general’s office said. “The public-facing database will remain offline until then. In the interim, if you are an entity who needs to submit a data breach report, you can continue to do so through our online reporting service.”
Anyone looking to get access to historic breach notifications is urged to contact the office’s consumer protection division directly via email.
There were a record 3332 publicly reported data breaches in the US last year, a 5% annual increase, according to data compiled by non-profit the Identity Theft Resource Center (ITRC). Around 279 million individuals were impacted.
