In an unusual misinformation campaign, fraudulent data-breach notices were submitted to Maine's official Attorney General breach portal and published before anyone verified them, forcing named companies to issue denials. One filing falsely claimed a Discord breach affecting more than 10 million people, submitted not by a company representative but by an individual using a personal Gmail address, a placeholder phone number, and impossible dates. Because the portal is public and a listing does not mean a breach is confirmed, the fakes can spread fear, damage reputations, and seed convincing phishing lures. It highlights how trusted disclosure channels can be weaponized.