Maine Attorney General removes public-facing breach database
The Office of the Maine Attorney General has taken its public-facing data breach database offline after detecting abuse of the reporting system, the office said in a public statement. The office characterized the filings as fraudulent and confirmed that the false entries have been removed from the database.
In announcing the removal, the office said it was reviewing internal procedures "to make this abuse less likely in the future while preserving the public availability of such information." It added, "The public-facing database will remain offline until then." The office did not provide a timeline for when the database would be restored.
Two companies named as targets: Discord and VRChat
According to the office, two companies are known to have been impacted by the fraudulent filings: Discord and VRChat. The false report against Discord claimed 10 million individuals were affected. The fake report about VRChat asserted that 2.4 million users were impacted and listed exposed data types including usernames, email addresses, subscription statuses, login histories, and user IDs for connected platforms.
The office stated it has "no knowledge of any legitimate data breach claims against either Discord or VRChat," and the entries identified as hoaxes were removed from the public record after review and conversations with VRChat.
How reporting continues while the database is offline
Although the public-facing database is unavailable, the Office of the Maine Attorney General said organizations that need to submit a data breach report can still do so through the office's online reporting service. The office framed the move as a procedural response intended to reduce the likelihood of future abuse while maintaining the ability for entities to make official reports.
Details on whether the office will change submission requirements, verification steps, or public-display processes were not disclosed in the office's statement beyond the general commitment to review procedures.
What this means for technologists, regulators, and end users
- Technologists and security teams: Expect attention to the mechanics of public reporting systems and to any changes the office implements to prevent false filings while keeping legitimate disclosure channels open. The office's review of procedures is the specific action cited in the statement.
- Regulators and policymakers: The office's decision highlights a trade-off the statement explicitly names — preventing abuse versus preserving public availability of breach information — and signals that process changes are being considered to address that balance.
- End users and affected communities: For users of Discord and VRChat, the office has said it has no knowledge of legitimate breaches for either company and that the allegations identified were hoaxes; the false entries claiming 10 million affected for Discord and 2.4 million for VRChat were removed from the database.
Conclusion: database offline pending procedural review
The Office of the Maine Attorney General removed its publicly viewable breach database after identifying fraudulent filings attributed to an "unknown entity" and after confirming with VRChat that at least one filing was a hoax. The office has removed the false records, continues to accept official breach reports through its online reporting service, and is reviewing procedures "to make this abuse less likely in the future while preserving the public availability of such information." For now, the public-facing database remains offline as the office considers how to prevent future misuse without permanently restricting public access.
