Maine Govt Portal Lists 10M Discord Data Breach Notice, But Filing Shows Red Flags

A data breach notice submitted to the Maine Attorney General’s office has named Discord Inc. as the affected company, but the filing includes several details that make the claim difficult to treat as confirmed.

The notice, submitted on June 8, 2026, lists Discord Inc. of San Francisco, California, as the entity involved. It claims that more than 10 million people were affected by an incident described as “Insider wrongdoing.” The number of affected Maine residents is listed as unknown.

The submission says the breach occurred on July 9, 2024, and was discovered on August 2, 2025. That timeline places the reported discovery more than a year after the listed breach date, with the notice submitted in 2026.

The filing was not submitted by a named Discord legal, privacy, or security representative. The “Submitted By” section lists Xavier Morrison, with the relationship to the affected entity described as “Data Subject / Reporter.”

The listed phone number appears to be a placeholder (a fake, inactive, or reserved number), and the email address provided is a personal Gmail account. A review of a previous data breach notice submitted for Discord to the Maine Attorney General’s office in 2023 shows that the company was represented in that filing by BakerHostetler, an American law firm.

Those details are important to notice because state breach portals can contain notices submitted by parties other than the company itself. A filing can name a company and include serious claims, but that does not automatically mean the company has verified the incident or issued the notice directly.

The notice also leaves important fields unclear. It does not specify which personal data elements were acquired beyond “Name or other personal identifier in combination with,” and the attached consumer notice field appears blank. It also lists the consumer notification date as January 1, 2000, a date that does not align with the reported breach or discovery timeline.

Additionally, no identity theft protection services were offered, according to the filing. The notice says consumer notification was electronic, but it does not provide a copy of the notice sent to Maine residents.

What Is Maine’s Data Breach Filing System?

Maine’s data breach filing system is a public reporting portal run by the state Attorney General’s office. Companies and other parties use it to submit notices when personal information may have been exposed in a security incident involving Maine residents.

The portal helps the public, regulators, and journalists track reported breach notices, but a listing on the site does not always mean every detail has been independently verified by the state or confirmed by the company named in the filing.

The only known recent cybersecurity incident publicly acknowledged by Discord was disclosed in October 2025, when the company confirmed that hackers stole government ID photos and private data belonging to about 70,000 users through a third-party vendor breach.

Another incident, submitted to the Maine Attorney General’s office in 2023, confirmed a total of 180 data breach victims, also due to a third-party breach.

At this stage, the Maine filing should be read as an unverified breach claim involving Discord, not as confirmation that Discord suffered a breach affecting more than 10 million users. The submission contains enough irregularities to warrant caution, including the reporter role, missing notice copy, incomplete data category information, and unusual notification date.

Discord users do not need to panic based on this filing alone. A practical response would be to keep two-factor authentication enabled, review active sessions, avoid suspicious links, as hackers can use this notice to send phishing emails, and watch for any direct notice from Discord or an official regulator.

Hackread.com has reached out to Discord for comment.