Maine's widely utilized public data breach reporting portal has been taken offline after two fabricated breach notices were successfully posted. The incident underscores potential weaknesses in systems designed for public transparency regarding data compromises. One of the bogus reports, appearing last Thursday, falsely claimed a breach impacting 2.4 million customers of the virtual reality social platform **VRChat**. This notice was reportedly submitted on fake **VRChat** letterhead. ### Hoaxes Prompt Immediate Action A second fraudulent breach notice targeting **Discord** was also identified. The **Office of the Maine Attorney General** confirmed the removal of these "hoaxes" and stated it has "no knowledge of any recent legitimate data breach reports" from either company. In response, the portal, a valuable resource for security researchers, journalists, and threat intelligence firms, will remain inaccessible to the public. Companies are still permitted to report breaches directly to the state, and the public can inquire about existing reports by contacting the attorney general's office. ### System Audit Underway The Maine Attorney General's office is conducting an audit of its procedures to prevent similar abuses in the future. Their press release stated, "We are reviewing our procedures to make this abuse less likely in the future while preserving the public availability of such information. The public-facing database will remain offline until then." Historically, the portal allowed companies to add notices without prior review, a factor that likely contributed to its susceptibility to abuse. ### VRChat Expresses Concern Over Response Time **VRChat** issued a statement confirming the fake breach notice and expressing concern over the delay in its removal. "Despite our best efforts, this notice remained up for several hours," the company stated. **VRChat** further clarified, "We want to make it perfectly clear that we have no reason to believe that our data and systems were compromised, and we did not submit any official notice about a data breach." Bleeping Computer was the first to report on the fake postings. Neither **VRChat** nor **Discord** have commented further on the incident. While Maine has only publicly named **Discord** and **VRChat** as victims, there is a possibility that additional fraudulent notices may have been posted before the portal's shutdown.