The Office of the Maine Attorney General has removed its public-facing data breach database due to abuse of the reporting system. According to the office’s statement, two companies are known to be affected by false reports of data breaches. The false reports have since been removed from the database. 

The two companies known to be impacted by fraudulent filings are Discord and VRChat. 

“After conversations with VRChat, one of two affected companies, it has become clear that the reported data breaches were hoaxes submitted by an unknown entity unrelated to either company,” the office’s statement reads. 

The false report against Discord claimed 10 million individuals were affected by a breach. 

The fake data breach report against VRChat claimed 2.4 million users were impacted by a data breach, exposing information such as usernames, email addresses, subscription statuses, login histories, and user IDs for connected platforms.

The office states it has no knowledge of any legitimate data breach claims against either Discord or VRChat. 

“We are reviewing our procedures to make this abuse less likely in the future while preserving the public availability of such information,” the office states. “The public-facing database will remain offline until then.” 

Organizations that need to submit a data breach report can continue to do so through the office’s online reporting service.